Results 1 to 10 of 10

Thread: Lion

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Location
    USA
    Posts
    7

    Lion

    Ok, so Lion has been released and the books on using it are starting to roll off the presses. What about all the supposed new security features that are rumored to have been built in? How is the whole disk encryption? Is it enterprise manageable? How is the auditing utility that is supposedly a rival for Microsoft's event viewer? Other new security features or links to *solid* reviews and whitepapers?

  2. #2
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    1. Disk encryption is relatively useless on anything outside of laptops. It also offers little or no protection against remote attacks
    2. Apple still has not addressed the fundamental flaws with the package management system, paths to root, weak sandboxing, and improper/partial implementation of DEP and ASLR.
    3. Auditing is still suspect on any system that does not support CAF functionality, ad that to the lack of a reference monitor and the logs are not truly trustworthy.
    4. The management utilities have had mixed reviews. SOme poeple love it, others absolutely despise it due to reduced functionality.

    Most of the admins I know are refusing to upgrade and advising clients to switch to more secure/manageable Linux or Windows platforms.
    Real security doesn't come with an installer.

  3. #3
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Quote Originally Posted by D0pp139an93r View Post
    1. Disk encryption is relatively useless on anything outside of laptops. It also offers little or no protection against remote attacks
    You may want to revise that to something more along the lines of:
    Disk encryption is relatively useless.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    1. Disk encryption is relatively useless on anything outside of laptops.
    I am afraid that misses the point. Encryption has been around for thousands of years (Caesar Code?), and its purpose is to protect information whilst it is in transit.

    In recent years there have been numerous balls-ups where people just haven't realised what "in transit" really means. You don't have to be sending things to someone, information is in transit as soon as it leaves your physical security perimeter, for whatever reason.

    That means it applies to laptops, removable drives, CD/DVD, flopticals and USB devices etc.

    Basically, sensitive data on any electronic storage media that leaves your site, should be encrypted, even though that is technically a last resort, as it implies that your data can be accessed by the wrong people.

    Once you are within your physical security perimeter then encryption is of little value as you have to decrypt the data to use them, and then they can be intercepted or accessed.

    I would argue that encryption would be counter productive in this scenario as:

    1. It introduces a considerable processing overhead.
    2. It could lead to a false sense of security and bad habits elsewhere.

    As for Apple............whole disk/medium encryption is not rocket science so I would expect theirs to be as good as any other, from a security viewpoint.

    Likewise I would expect it to be as "enterprise manageable" as any other.

    I wouldn't know about the rest as I have no intention of using Apple or their operating systems. But I would say that the company is pretty cautious in its developments, so I wouldn't expect anything spectacular.

    I do not recall an ME or a Vista from Apple

  5. #5
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    The only real point to disk encryption as nihil said, is for when you're at the airport in the crapper and somebody grabs the laptop bag from under the door.
    Real security doesn't come with an installer.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey Doppy............good to see you back.

    OK, lets have some serious security talk here, and expand this thread a bit?

    Courts over here generally have a very low level of knowledge of IT in general and security in particular...... it don't know what it is like with you?

    So, if you are up on a due diligence charge it would be nice to say that "I used the Apple recommended and provided disk encryption software". That should get you some pretty slick lawyers courtesy of Apple?

    Disk encryption in general is a pretty good cover your ass strategy at the moment?

    However, you do need to be consistent, as it would be worse than embarrassing if your encrypted laptop was stolen, and had unencrypted DVDs containing confidential data in the bag. That's why I made a fuss about other media By encrypting the HDD you have admitted that you understand security issues...........the unencrypted stuff indicates reckless indifference?

    So I guess the next question would be "OK, I can encrypt my HDD, but is there the facility to encrypt the backups and any files that I might copy to other portable media?"

    No big deal if there isn't, but you do need to know.

  7. #7
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Quote Originally Posted by nihil View Post
    So, if you are up on a due diligence charge it would be nice to say that "I used the Apple recommended and provided disk encryption software". That should get you some pretty slick lawyers courtesy of Apple?
    I doubt Apple would be recognized as a source of realistic security advice/technology. That being said, I would concentrate on the underlying technology. "Well, we were using full disk encryption with 256 bit keystrength and AES-CBC cipher" with supporting examples of inefficiency of attacks against the full 14 round AES cycle, etc. Maybe even an entropy analysis of the key guidelines without disclosing the actual key.
    Real security doesn't come with an installer.

  8. #8
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    The strength of the key doesn't really matter in a cold-boot attack, however, as long as your computer is either on or in sleep mode.

  9. #9
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Quote Originally Posted by metguru View Post
    The strength of the key doesn't really matter in a cold-boot attack, however, as long as your computer is either on or in sleep mode.
    Interesting point. That can generally be mitigated through the use of a TPM that properly integrates with the disk encryption a la Bitlocker.

    EDIT: Nevermind... half asleep. lol. **** FireWire.
    Real security doesn't come with an installer.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    I doubt Apple would be recognized as a source of realistic security advice/technology.
    That is absolutely true, and I mean no disrespect to Apple there. It isn't an area where you would want the supplier up close and personal.

    I am afraid that my point was rather more crude than you gave me credit for (thanks for that, you can come again).

    It's like when there is a line of guys/gals in beamers, mercs and porsches outside your door wearing Armani suits (or Yves St Laurent/Balmain) .......they will be the best lawyers that money can buy.........but it won't be your money, it will be "pro bono"....... but you know where the funding will have come from?

    Yes, I am getting to be a very cynical "bar steward" in my old age If it came to a lawsuit I would want the Apple and MS legal teams behind me, but not so obviously as to admit corporate involvement?

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 09:37 PM
  2. Lions and Tigers and Bears...oh my!
    By morganlefay in forum Cosmos
    Replies: 15
    Last Post: September 21st, 2005, 04:04 PM
  3. great science
    By neohunk in forum Tech Humor
    Replies: 9
    Last Post: February 4th, 2004, 12:07 PM
  4. long liv scientists
    By neohunk in forum Tech Humor
    Replies: 0
    Last Post: December 22nd, 2003, 02:41 PM
  5. My firewall block this attempt.. but need info
    By LordChaos in forum Firewall & Honeypot Discussions
    Replies: 19
    Last Post: October 4th, 2002, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •