Re: Fedora/Linux Security Guide

Hello,

On Wed, 2009-03-11 at 12:43 +1000, Scott Radvan wrote:
> Hi all,
> 
> 
> I have built HTML and PDF versions of the very-nearly-finished
> Security Guide, which has its focus on Fedora and is on its way to
> being available in the upcoming 11 release. 

> I thought there may be some members of this list who would like to take
> a look at it.

> Any reviewers/comments at all are of course more than welcome.

	How do you want comments?  I see the other comments back to this list
but I also followed some links down to fedorahosted.org under the "We
need feedback" section.

> http://sradvan.fedorapeople.org/Security_Guide/en-US/

	I've only given it a preliminary glance but I've passed the URL onto
others of my "Threat Analysis Team" at Internet Security Systems (ISS
now IBM-ISS).  Here are some of my preliminary thoughts on what you have
and I'll look at signing up on the site...

	Couple of things.

	Very good on the smart-card stuff.  I'm a very big proponent on that.
The more the better.  Please add information on using smartcards with
ssh.  I got that to eventually work on F9 but it was a royal PITA.


	Really could use an expanded section on ssh and ssh authentication
methods.  Ssh is such a major component in a number of other tools, such
as rsync, it needs emphasized coverage or possibly a reference to more
extensive works.  Use of authentication keys and authentication agents
should get some coverage.  Kerberos got fairly extended coverage but I
would wager more people use ssh than have to deal with Kerberos.


	2.1.3. Password Security

	Creating strong passwords and password creation methodology - very
good.  More emphasis on "passphrases" to replace "passwords" would be
even better.

	IMNSHO, password aging is actually bad for security.  People think it
improves security when, in fact, it degrades security.  My reasoning
here:

	In addition to encouraging people to write them down (which is one good
point against password aging):

	* It ignores the "anatomy of a hack" model where the attacker's first
action as part of compromising a password is to secure his access
regardless of password.  This can take the form of backdoors or simply
ssh authorized keys.  The password is never needed after that.

	* For the above reason, changing a password does not resecure a
compromised account nor does it limit access from an attacker.

	* It encourages people to use the same or similar passwords for
multiple accounts to ease remembering.

	* It forces users to periodically enter a "new" password twice under
circumstances which may itself lead to compromise.  Shoulder surfing
someone when they are changing a password is much easier because it's
easier to spot and they're entering it twice making the shoulder surfing
itself easier.  Trojaned password changing apps are also common in
hacker toolkits.

	* It discourages strong (difficult to remember) passwords.  Good strong
passwords can be difficult to come up with.  A good strong password is
not something an attacker is going to brute force (maybe shoulder surf,
if he's really REALLY good at it).

	* Encouraging weak passwords can result in a "jumping in front of a
bus" effect (this time around you just happen to select a password they
are guessing for).

	* It is no replacement for strong passwords which have been checked for
complexity.

	* With strong passwords, it is not necessary.

	* Without strong passwords, it is not sufficient.

	* It may be required for corporate compliance under the guise of
"security" but that can lead to a false sense of security.  You may have
to do it anyways, just don't even begin to think it means you're secure.


	Section 3 Encryption

	No mention of E-Mail encryption, or S/MIME (or PGP/Mime).


	Section 2.2 Server Security

	No mention of using SSL protected protocols (https, pop3s, imaps,
smtps) as secure alternatives.

> Cheers,

	Regards,
	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@xxxxxxxxxxxx
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!


--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
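The "anatomy of a hack" point above (a planted ssh authorized key keeps working no matter how often the password is rotated) is the kind of thing a post-compromise check has to look for directly. The script below is an added example written for this archive page; it is not part of the Security Guide and not code from the original mail. It walks every `~/.ssh/authorized_keys` under a home root, strips any leading options field (`command="..."`, `no-pty`, and so on, which is exactly where a backdoor key tends to hide a forced command), and reports every key that is not on an administrator-maintained allowlist. The home directories, user names, key blobs and allowlist are constructed fixtures; the function and file names are my own choices.

```shell
#!/bin/sh
# Added example, not from the Security Guide or the original mail: audit
# every ~/.ssh/authorized_keys below a home root against an allowlist of
# known "keytype blob" lines.  A key an attacker planted survives a
# password change, so the keys are what a post-compromise check must read.
# All user names, paths and key blobs below are constructed fixtures.

# audit_authorized_keys HOMEROOT ALLOWLIST
#   Prints "user<TAB>keytype<TAB>comment<TAB>options" for each key that is
#   not listed in ALLOWLIST and returns the number of such keys (0 = clean).
audit_authorized_keys() {
    ak_root=$1
    ak_allow=$2
    ak_bad=0
    for ak_file in "$ak_root"/*/.ssh/authorized_keys; do
        [ -f "$ak_file" ] || continue
        ak_user=$(basename "$(dirname "$(dirname "$ak_file")")")
        while IFS= read -r ak_line || [ -n "$ak_line" ]; do
            case $ak_line in ''|'#'*) continue ;; esac
            # A line may begin with an options field (command="...",no-pty,...),
            # so locate the key-type token and take it plus the blob after it.
            ak_key=$(printf '%s\n' "$ak_line" | awk '
                { for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                        print $i " " $(i+1); exit } }')
            [ -n "$ak_key" ] || continue      # not a key line we understand
            if ! grep -qxF "$ak_key" "$ak_allow"; then
                ak_type=${ak_key%% *}
                ak_rest=${ak_line#*"$ak_key"}     # comment after the blob
                ak_opts=${ak_line%%"$ak_key"*}    # options before the type
                printf '%s\t%s\t%s\t%s\n' "$ak_user" "$ak_type" \
                    "${ak_rest# }" "${ak_opts% }"
                ak_bad=$((ak_bad + 1))
            fi
        done < "$ak_file"
    done
    return "$ak_bad"
}

# make_fixture DIR: constructed home directories and allowlist for the demo.
# bob's file carries a planted key with a forced command, the backdoor shape
# the mail describes.
make_fixture() {
    fx=$1
    mkdir -p "$fx/home/alice/.ssh" "$fx/home/bob/.ssh"
    alice_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAliceKey0000000000000'
    bob_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedBobKey000000000000000000'
    planted='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedPlantedKey0000000000000'
    printf '%s alice@laptop\n' "$alice_key" > "$fx/home/alice/.ssh/authorized_keys"
    {
        printf '# keys for bob\n'
        printf '%s bob@desktop\n' "$bob_key"
        printf 'command="/bin/sh",no-pty %s root@evil\n' "$planted"
    } > "$fx/home/bob/.ssh/authorized_keys"
    printf '%s\n%s\n' "$alice_key" "$bob_key" > "$fx/allowed_keys"
}

# Stand-alone demo against the constructed fixture.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
if audit_authorized_keys "$demo_dir/home" "$demo_dir/allowed_keys"; then
    echo "clean"
else
    echo "unexpected keys: $?"
fi
rm -rf "$demo_dir"
```

On a real host you would run it as root with `/home` as the root and an allowlist you keep under change control; root's own `~/.ssh/authorized_keys` and any alternative locations set by `AuthorizedKeysFile` in `sshd_config` need the same treatment, since a key parked there is just as good a foothold as one in a user's home directory.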
