Quote:
Catch: Love the way you use a crappy OS to prove your point........ ;)
If the point doesn't hold under all circumstances... it is a logical fallacy. :-P
Quote:
How about shifting up to a Win2K box for example - You know, give me a _chance_ to argue the point.
Because then it becomes an argument about the subtleties of two similar (securitywise) system and not an argument about some systems being inherently more secure than others. (which if this were not the case DOD-STD-5200.28 and ISO 15408 would not exist)
Quote:
Manuals are all well and good but it takes a talented sysadmin to write them in the first place. You need the talented guy because each network is different offering different services internally and externally and the software managing the services differs from system to system too. Yes you can give a literate admin a manual for how to lock down a Win2K box for example as it comes out of the box but then what happens when he needs to add services. If you write the manual for today it'll probably be obsolete tomorrow - a problem I have just maintaining my own system's documentation. When the literate sysadmin decides that mail program X is the mail server he is going to use the information may not be in your manual as to how to secure it. It's there that the "talent" comes in.... The talented sysadmin goes away and researches what the program does, where the potential weaknesses may be and then with his knowledge of the system as a whole determines how best to secure the product. You made these points yourself but I thought they were worth reiterating.......
*cringe* I hate to say it, but it is clear to me that you have either never used a well documented OS or have just not been aware of the documentation available for it.
Trusted facilities manuals (TFMs) are not written by system administrators, they are written in the design stage and tuned during QA. This gives the document a completely different spin than you'd find in something written by someone who is basing their knowledge on use of the system rather than involvement in its actual design.
Good documentation and system design should work in a modular manner that services and systems in a network may be dropped in a black boxed format (each system or subsystem configured as X with all defined I/O configured to the spec as well)
Allowing a system administrator to have any say at all in system configuration is just asking for trouble. High assurance/high security systems have all administrator functions documented to unyielding procedures and if these procedures are well formed (which is easier to do than to find an equivalently talented admin) your system will be correctly managed.
All things like researching new products and such should be done by the risk management team.
Quote:
So, really, it still comes back to the admin. An admin that attends to detail, understands his system, understands how attacks may take place, properly monitors traffic and learns his networks traffic patterns is a far better admin than the many who pop Win2k, *nix or whatever right out of the box, installs a bunch of services and dumps it right on the net with none of the above "prerequisites".
Again the admin should not have this level of involvement, the admins should merely follow procedures and have limited knowledge of the systems themselves, this is why many security focused organizations use role rotation specifically for admin roles. This way the admins never have too long on any given system, plus the admin that takes their spot after audits their work, though with a proper change control management system (ccms) this is less of an issue.
Quote:
Is a talented sysadmin "hack-proof"? Of course not, but the chances are much greater that it will take a more talented cracker to break in rather than some lame script kiddie or automated worm.
Relying on talented admins means you need to have many admins that are all equally talented for large systems otherwise points of weakness will appear or inside attacks can happy admin from shift X is counted on for his talent so no CCMS is in place and no procedures are followed and the admin from shift Y isn't as talented so he may miss X's inside hack or may miss an error in X's uber talented configuration to fix whatever.
Computer security is about a single universal principal... assurance. The more you have the more secure any system is. Fact of the matter is some OSes offer more assurance than others. Fact of the matter is that an infrastructure based on policies, standards, guidelines, procedures, CCMS, role rotation, and dedicated risk management is going to offer far greater assurance than a few talented admins working ad hoc.
catch
PS. maxim_86ualb2 please save the trite, regurgitated comments for a thread more deserving. :)
