From: Dale Amon <amon@vnl.com>
To: John Scroggins <dataefx@earthlink.net>
Cc: SELinux@tycho.nsa.gov
Subject: Re: [Fwd: Partial TOC for Comment]
Date: Fri, 17 Aug 2001 00:12:26 +0100
Message-ID: <20010817001226.J18183@vnl.com>
In-Reply-To: <3B7C7C69.E7B84C68@earthlink.net>

On Thu, Aug 16, 2001 at 07:07:37PM -0700, John Scroggins wrote:
> Please give me your feedback/critique on the TOC, and if you can think
> of additional subject headings (I do have more, but I want to see if
> this is moving in the right directiom..)
>

I'd suggest a spell checker :-)

Presumably the first sections will be a discussion of the why and
of the threat model and how SELinux secures you against those
classes of threats.

My personal feeling is that this sort of discussion throughout
will be important. I don't expect SELinux will protect against
all possible threats and it would be bad for someone new to
computer security to read a book, install it, and start
bragging.

I'd say that a good section should be set aside to interpreting
log information. Having a "secure" system does you no good if
you just let the kiddies and the black hats tinker undisturbed.
Given peace and quiet and enough time, I'm sure *anyone* can
break into *anything*.

I find the idea of real time revocation interesting, because if
you see signs of an attack in progress, you can pull the rug
right out from under it... but again, only if you *realize* it
is an attack.

Some of these issues become much more complex in a public system
than in a closed system. In a closed and controlled environment
almost anything out of the ordinary is suspicious; and innocent
triggering is fairly easy to spot.

In summary, I think you need to tell not only how to set it up
and configure it and what the theory is behind it, but also
how to use it.