From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id p1MGriDI006146
	for ; Tue, 22 Feb 2011 11:53:44 -0500
Received: from c-sl428.itechfrontiers.net (localhost [127.0.0.1])
	by msux-gh1-uea01.nsa.gov (8.12.10/8.12.10) with ESMTP id p1MGrhoV025555
	for ; Tue, 22 Feb 2011 16:53:43 GMT
Message-ID: <4D63EA14.2080701@itechfrontiers.com>
Date: Tue, 22 Feb 2011 11:53:40 -0500
From: "cto@itechfrontiers.com"
MIME-Version: 1.0
To: Sanjai Narain
CC: selinux@tycho.nsa.gov
Subject: Re: SELinux and Stuxnet
References: <0B31D28E10F4FA489A0261135B94A14804A4489F@XMB-AMS-109.cisco.com> <4D45E42A.80303@research.telcordia.com> <4D4604DB.3060402@itechfrontiers.com>
In-Reply-To: <4D4604DB.3060402@itechfrontiers.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On 1/30/2011 7:39 PM, cto@itechfrontiers.com wrote:
> Hello,
>
> Stuxnet is a Windows worm, and SELinux is Mandatory Access Control for
> Linux.
>
> On Linux, SELinux can reduce the impact of such worms if targeting Linux
> boxes, but it is not a preemptive mechanism for not having any kind of
> compromise due to any vulnerability, although if you protect your system
> and targeted processes you may have reached the goal of containing the
> impact of possible compromises.
>
>
> Best,
>
> Patrick K.
>
> On 1/30/2011 5:20 PM, Sanjai Narain wrote:
>> Has there been thinking on whether SELinux-hardened machines can avoid
>> the spread of Stuxnet-like worms? Thanks. --Sanjai
>>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
Sanjai,

SELinux is Mandatory Access Control for Linux.

Stuxnet only compromises Windows, SCADA and PLC 7 systems (Siemens systems). It is a worm; for a worm to compromise a system you need to have certain vulnerabilities.

It cannot compromise Linux (the same way), as that worm has been designed for particular purposes and takes advantage of Windows vulnerabilities.

If you mean protecting a network using Linux front ends or inline systems like IPS systems, that's another story, which is actually irrelevant to SELinux (although an IPS system - Intrusion Prevention System - on Linux can take advantage of SELinux).

In brief, theoretically, in case of a worm for Linux, it could be contained if SELinux is effectively used. In practice, Stuxnet is for Windows.

Best,

Patrick K.