BOEING MEETING
November 18, 1998
2:00 – 3:00
1131 ENG II
In attendance:
David Klotz (DK), Jeff Rowe (JR), Jason Schatz (JS) and Chris Wee (CW)
TOPICS
Immutable files in FreeBSD
Demonstration for Boeing
Chris Wee demos his firewall in Sec Lab 1
1) DK: Immutable files in FreeBSD – root cannot
affect them. FreeBSD owned by INIT. File set up – root can increase
security level. You can only add (not remove) restrictions.
If the host is compromised, you can still trust it.
a) CW: Changes security semantics on some operations on the operating
system
b) DK: Any host-based response program adds a lot if you can trust
it if the host is compromised
c) CW: Is the host-based response system any good?
d) DK/JS: Yes, it has an append only system for log files – backup and
restore problems
e) JS: You can change security method to allow owner to modify/delete
f) DK: CD Writer is an append-only system.
g) CW: CD Writer drivers only listen to the last table of contents.
So the data is still there, but you can’t see it on the table of contents.
h) CW: Set flags, try to root kit system
i) JS: Write language with hosts as objects, define key relationships
through transitive closure which host access. Modeling topology of
network
2) DK: For Boeing, provide a demonstration
of any protected process running.
a) JR: If it only runs on BSD, it won’t be impressive.
b) DK: Solaris source code
c) JR: Need host-based response system.
d) DK: Crisis system?
e) CW: Include host-based system into Solaris. Loaded kernel
module – read access control list – user/system codes
f) Honey pots for “Red Team” – script a bunch of responses
g) JS: Script good responses and underhanded response to screw the
“Red Team”
h) CW: IDIP interface to IP Firewall
i) JR: Or TCP wrappers
j) CW: Andrew Gross from University of San Diego – white paper,
good hacker
k) CW: IPFW execute on command level, dynamic flush
l) JS: Establish a connection
m) CW: There is leeway in how we design the environment; encryption
software. Everything in system is encryption only DSSH running.
Load PRLPC
3) Chris Wee provides a demonstration of his firewall
in the Security Lab.