Re: Measuring strength of file protection
- From: Stephen Hoffman <seaohveh@xxxxxxxxxxxxxxxxxxx>
- Date: Sat, 9 Jun 2012 11:04:02 -0400
On 2012-06-09 13:18:46 +0000, Jose Baars said:
At a security audit checking the file protection of files like SYSUAF.DAT,
A protection strength score? Totalling up some sort of protection score? protscore? Is that part of the design requirements? Or is this some sort of homework? I ask this because "strength" implies there might be some confusion or a misconception around how the protection mask and the ACLs work. Object access is a boolean. Either you have access to the object, or you don't. Either the protection mask matches the OpenVMS recommendations or the site-specific requirements, or it doesn't.
For the folks that monitor this stuff, some folks would brute-force slam the protection and ACL settings to the required value nightly and move on, and some folks would (better) read off the current protection settings and match the whole strings against the requirements, and flag an error to the operations staff.
Sites with a particular interest in monitoring this sort of stuff would set up a custom audit receiver process, and watch for real-time changes to the files of interest. Or would acquire one of the various products that provide this.
There are HP OpenVMS, NIST, USPS and other guidelines available, with some links here:
<http://labs.hoffmanlabs.com/node/43>
You won't find a concept of protection-mask scoring present in any of those.
Given your employer, this may be a customer requirement, or this might be work associated with one of your employer's tools or products. And if this is for a tool or a product, the answer is still the same. This is a boolean; the protection and ACL settings match, or they don't.
If you're stuck with this "scoring" design, then consider an implementation in something other than DCL. But in general, you're writing a state machine here, so using techniques from that will likely work best. Given you're probably going to end up rewriting this stuff once somebody with a clue discovers this design, keep the action routines as generic as you can manage. Well, that, or expect this code to get ripped out and replaced with a better design; something which matches against a cached list of protections and ACLs, and totals up the failures. And in the case of a failure on matching the SYSUAF protection settings, that's a major failure.
Personally and in all bluntness, I'd have your designer on my office carpet, and we'd be discussing the wisdom of and the problems with this proposed scoring design within the protection mask. Also with what happens when somebody with a clue about security learns how this current scoring design works - from what's been posted here, this is an "egg on your face" design, and not effective security. You clearly already know this design is "silly", based on your use of that word.
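
Added example, not part of the original post: the match-against-a-cached-list check described above, sketched in Python rather than DCL, with each file either matching its required mask or counting as a failure. The file list, baseline masks, observed readings and function names are constructed for illustration, the two accepted mask spellings are an assumption about the input, and ACL matching is left out.

```python
import re

# Constructed baseline standing in for a site's cached requirements;
# the masks are illustrative values, not a vendor recommendation.
BASELINE = {
    "SYS$SYSTEM:SYSUAF.DAT": "S:RWED,O:RWED,G,W",
    "SYS$SYSTEM:EXAMPLE.DAT": "S:RWED,O:RWED,G:RE,W:RE",
}
# Constructed readings, as a nightly job might have collected them.
OBSERVED = {
    "SYS$SYSTEM:SYSUAF.DAT": "SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD",
    "SYS$SYSTEM:EXAMPLE.DAT": "(S:DEWR,O:RWED,G:ER,W:RE)",
}
CLASSES = ("SYSTEM", "OWNER", "GROUP", "WORLD")


def parse_mask(text):
    """Return {class: frozenset(access letters)}; a bare or absent class means no access."""
    mask = {c: frozenset() for c in CLASSES}
    seen = set()
    for field in text.strip().strip("()").split(","):
        field = field.strip().upper()
        if not field:
            continue
        m = re.fullmatch(r"([A-Z]+)\s*(?:[:=]\s*([RWED]*))?", field)
        name = m and next((c for c in CLASSES if c.startswith(m.group(1))), None)
        if not name or name in seen:
            raise ValueError(f"bad protection field {field!r}")
        seen.add(name)
        mask[name] = frozenset(m.group(2) or "")
    return mask


def audit(observed, baseline=BASELINE):
    """Return (file, reason) failures; an empty list means every file matches."""
    failures = []
    for path, required in baseline.items():
        actual = observed.get(path)
        if actual is None:
            failures.append((path, "no protection reading"))
            continue
        try:
            ok = parse_mask(actual) == parse_mask(required)
        except ValueError as exc:
            failures.append((path, f"unparseable: {exc}"))
            continue
        if not ok:
            failures.append((path, f"have {actual!r}, need {required!r}"))
    return failures
```

With the constructed readings, `audit(OBSERVED)` reports only SYSUAF.DAT, whose group field differs from the baseline; the reordered access letters on the second file still match.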