Re: speaking of Network Magazine - Article on Innovative Roo…

Author: Jeremy C. Reed
Date:  
To: plug-discuss
Subject: Re: speaking of Network Magazine - Article on Innovative Rootkits
> Interesting magazine - this month has a number of articles that I
> thought were interesting but this one caught my attention. Suggests that
> the day of the rootkit and 'poisoned' ls, ps etc. is/will be replaced
> with kernel modules that, at the kernel level, can evade detection by
> typical security tools such as tripwire and, at kernel level, can scrub
> themselves from processes showing in things like top and ps.
>
> Seems as though the stakes of security administration are rising above
> and beyond the merely intelligent.


NetBSD has a cool feature called "verified exec" where fingerprints of
executables are loaded into the kernel and the BSD security level is used so
that they can't be changed (unless the system is rebooted). The hashes are
compared before execution to prevent trojans.

http://netbsd.gw.com/cgi-bin/man-cgi?veriexecctl++NetBSD-2.0
http://netbsd.gw.com/cgi-bin/man-cgi?verifiedexec++NetBSD-2.0

Also, NetBSD has verification of allowed script interpreters before use.

Jeremy C. Reed

                 BSD News, BSD tutorials, BSD links
                http://www.bsdnewsletter.com/
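
Added illustration, not part of the original message and not NetBSD's code: a userspace Python model of the flow the message describes, where fingerprints are loaded, the table is locked, and each file's hash is compared before it may run. The class and method names are hypothetical, SHA-256 is an assumed hash choice, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

class FingerprintTable:
    """Userspace model only: load fingerprints, lock the table, check before exec."""
    def __init__(self):
        self._table = {}       # real path -> expected SHA-256 hex digest
        self._locked = False   # stands in for the raised security level

    def load(self, path):
        if self._locked:
            raise PermissionError("fingerprint table is locked")
        with open(path, "rb") as f:
            self._table[os.path.realpath(path)] = hashlib.sha256(f.read()).hexdigest()

    def lock(self):
        self._locked = True    # one-way on purpose: the model has no unlock()

    def verify(self, path):
        """Return (allowed, reason) for a request to execute path."""
        real = os.path.realpath(path)
        expected = self._table.get(real)
        if expected is None:
            return False, "no fingerprint"      # unlisted files are denied
        with open(real, "rb") as f:
            actual = hashlib.sha256(f.read()).hexdigest()
        return (True, "ok") if actual == expected else (False, "fingerprint mismatch")

def demo():
    """Constructed sample files: a stand-in binary that is later overwritten."""
    with tempfile.TemporaryDirectory() as d:
        target, other = os.path.join(d, "ls"), os.path.join(d, "unlisted")
        for p, data in ((target, b"original bytes"), (other, b"never fingerprinted")):
            with open(p, "wb") as f:
                f.write(data)
        table = FingerprintTable()
        table.load(target)
        table.lock()
        results = [table.verify(target)]        # untouched file is allowed
        with open(target, "wb") as f:
            f.write(b"trojaned bytes")          # simulate a replaced binary
        results += [table.verify(target), table.verify(other)]
        try:
            table.load(target)                  # re-fingerprinting after lock must fail
        except PermissionError as e:
            results.append((False, str(e)))
    return results

if __name__ == "__main__":
    print(demo())
```

This model hashes the file by path in userspace, so the file could still change between the check and a later exec.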

