> Date: Tue, 24 Jun 1997 14:44:39 -0700
> From: "Alberto U. Begliomini" <aub @ sirius . com>
>
> I am looking for documentation, articles, and papers on how to make
> an NT Web server, sitting on the perimeter network of a firewall, secure.
>
> Also I am looking for tools on NT whose Unix equivalents are Tripwire,
> Cops, Swatch, etc.
>
> Basically, I would like to know how people make an NT server as secure as
> a Unix server can be made, and which kind of tools are used to notify
> the system administrators in case an attacker breaks in.
>
> Any help is greatly appreciated.
>
> Thanks --Alberto

We've been using our Decaf product, which allows you to make any file,
directory, device, or "directory tree" either read-only or inaccessible
to any process you want. This condition is inherited by all the children
of any such process, and is true no matter what the UID is (i.e., it
applies to root the same as to other users).

The bad news is that our Solaris 2.4, 2.5.1, and 2.6 (yes, we have the
2.6 source here) are done, but our NT version is still in production
for release this summer. I'll let you know when it's available.

We've used it on the http daemon, inetd, and other network daemons. We've
also been using it on login shells to make some users run restricted even
if they should somehow know root's password or manage to break out of a
setuid root program into a program of their choosing.

Currently you can't use Decaf to limit access to a port number or to a
network address or to an interface, so it can't do everything you are
looking for, but our customers seem pretty happy about it. Decaf is
currently being used to protect webservers, firewalls, and network servers.
I think some people on this list have downloaded it from our webpage,
but I don't recall seeing any comments about it, either pro or con.
Any flames anyone?

Also, check with the COAST guys at Purdue. I was over there a few months
ago to do a colloquium for Gene Spafford's security group. Gene took me
around to show me what they are doing and he mentioned some of the NT
technology they are working on. They seem to be emphasizing the intruder
detection aspects of security, and by now they may have what you are
looking for.

paul
---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb @ argus-systems . com    Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------