Momentary lapse of life

24 November, 2005

Nine principles of security architecture

Filed under: Security — Cope57 @ 19:15

“Security architecture is a new concept to many computer users. Users are aware of security threats such as viruses, worms, spyware, and other malware. They have heard of, and most use, anti-virus programs and firewalls. Many use intrusion detection. Architectural security, though, remains a mystery to most computer users.”

The truth is, anti-virus software, firewalls, and intrusion detection are only the surface of security. They are all reactive measures that attempt to respond to active threats, rather than proactive measures that anticipate threats and try to make them harmless. These applications have a major role to play, but are not enough in themselves.

Behind reactive security measures is the much broader field of architectural security: How to set up a secure system to prevent security breaches, how to minimize breaches if they occur, and how to react to an intrusion and recover from it if it happens.

Architectural security is a subject that fills dozens of books. However, if you ignore the exact configuration techniques, you can break down architectural security into nine basic principles which are widely agreed upon by security architects. They apply whether you are programming, doing systems administration, or using desktop applications, and they apply whether you are managing a single home machine or a large network. They are not exact laws so much as methods of how you should think about security.

If you learn these basic principles, you can not only make more informed choices when installing and configuring software, but also learn more about your operating system. As a side benefit, you’ll also understand the reasoning behind claims that OpenBSD is more secure than GNU/Linux, or that both are more secure than Windows.

Security News Portal, computer networking security hacking and virus news alerts and advisories

Filed under: Microsoft, Security — Cope57 @ 14:39

Windows
New Internet Explorer Vulnerability leaves users at risk
Unfortunately MS says they don’t have a fix for it…
11-22-2005 1:56:23 PM CST — from the folks at Microsoft…

Microsoft is investigating new public reports of a vulnerability in Microsoft Internet Explorer on Microsoft Windows 98, on Windows 98 Second Edition, on Windows Millennium Edition, on Windows 2000 Service Pack 4, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.
Microsoft has also been made aware of a proof of concept code targeting the reported vulnerability but they are not aware of any customer impact at this time. MS will continue to investigate these public reports. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible. Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Hmmmm… so the only advice that Microsoft has to offer is to “encourage users to exercise caution when they open links in e-mail.”… Doh! Too bad that back in May 2005 MS didn’t take the Denial of Service potential of this vulnerability more seriously and instead chose to put it on their backburner. Which leaves us to wonder about how many other “things” are sitting on the MS backburner. And I am curious about those months that went by where no patches or only one patch was issued for the month. Why didn’t they get around to fixing the DOS problem during those patchless months? The mind boggles at the questions that this revelation raises…

9 November, 2005

New worm targets Linux systems | CNET News.com

Filed under: Linux, Security — Cope57 @ 19:12

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, antivirus companies warned on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm “Lupper.”

Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf’s Webhints Remote Command Execution Vulnerability, according to Symantec’s online description of the worm.

The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf’s Webhints is a hint generation script; no fixes are available for the script, according to Symantec’s DeepSight Alert Services.

McAfee rates Lupper as low risk. Symantec, which calls the worm “Plupii,” rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.

Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.

28 September, 2005

Slashdot | No Defense Against Windows Rootkits?

Filed under: Microsoft, Security — Cope57 @ 12:27

Slashdot | No Defense Against Windows Rootkits?: “No Defense Against Windows Rootkits?
Posted by CmdrTaco on Wednesday September 28, @11:27AM
from the bend-over-and-take-it dept.
Security
An anonymous reader writes ‘Spyware bad guys (and also phishing people) started using rootkits technology to stay hidden in a system. The problem is that at the moment the technology to defend a Windows system from these things is very poor. In fact antivirus companies have just started adding basic anti-rootkits technology. So the problem is serious, and well outlined by this question: Is the closed source code of Windows preventing us from actively defending our systems?’”

11 May, 2005

Senate approves electronic ID card bill | CNET News.com

Filed under: Security — Cope57 @ 18:13

Senate approves electronic ID card bill | CNET News.com: “Last-minute attempts by online activists to halt an electronic ID card failed Tuesday when the U.S. Senate unanimously voted to impose a sweeping set of identification requirements on Americans.

The so-called Real ID Act now heads to President Bush, who is expected to sign the bill into law this month. Its backers, including the Bush administration, say it’s needed to stop illegal immigrants from obtaining drivers’ licenses.

If the act’s mandates take effect in May 2008, as expected, Americans will be required to obtain federally approved ID cards with ‘machine readable technology’ that abides by Department of Homeland Security specifications. Anyone without such an ID card will be effectively prohibited from traveling by air or Amtrak, opening a bank account, or entering federal buildings.

After the Real ID Act’s sponsors glued it to an Iraq military spending bill, final passage was all but guaranteed. Yet that didn’t stop a dedicated cadre of privacy activists from trying to raise the alarm in the last few days.”
