W. R. Cheswick. An evening with Berferd, in which a cracker is lured, endured, and studied. In Proceedings of the Winter USENIX Conference. The USENIX Association, January 1992.
.... 1 Introduction Object-oriented communication has become popular in distributed systems [2, 22, 8]. With objects or without them, distributed systems typically rely on networks with no low-level support for security; the vulnerability of distributed systems is by now evident and worrisome [23, 4]. A need exists therefore for secure object-oriented communication. We describe the design and implementation of secure network objects. Secure network objects extend Modula-3 network objects [19, 2] with security guarantees. When a client invokes a method of a secure network object over the ....
W.R. Cheswick. An evening with Berferd, in which a hacker is lured, endured, and studied. In Proceedings of the Usenix Winter '92 Conference, 1992. 15
....use . Sensitive information and intellectual properties must be protected from unauthorized disclosure, modification, or destruction. The vulnerability of information that is accessible from or transmitted across the Internet is well-documented (Stoll 1990; Bellovin 1992, 1993; CERT 1994; Cheswick and Bellovin 1994). Perhaps the most significant threat is the capability of any networked workstation to eavesdrop on network traffic. This could lead to the capture and exploitation of user authentication information. For example, the rash of computer break-ins at some ESnet sites during December 1993 occurred ....
Cheswick, W. R., and S. M. Bellovin. 1994. "An Evening with Berferd." Chapter 10 in Firewalls & Internet Security. Addison-Wesley, Reading, Massachusetts.
....nement problem by introducing mandatory access control, but this effort failed in commercial systems because its confidentiality protections were too strong and its integrity protections too weak. For an example of a more modern treatment of the confinement problem and its theory, see [12]. Also, [24, 25] gives practical experience on the benefits of confining untrusted processes to a sandboxed jail. The authors used chroot() for confinement, which worked well for their purposes. Today, the rising importance of network security means that chroot()'s inability to handle resources other than the ....
William R. Cheswick. An evening with Berferd, in which a cracker is lured, endured, and studied. In Proc. of the Winter USENIX Conf., 1992.
....which communicate over the network with cryptographic functionality. Still other efforts focus on adding instrumentation to COTS operating systems and server applications to support intrusion detection [17, 23, 20, 21, 11, 12, 22], maintain synthetic jail environments to contain intruders [9], or both [32]. Each of the efforts listed above provides a useful solution in its own problem domain, but is generally limited in scope to a single kind of security augmentation, be it access controls, authentication protocols, or intrusion detection. In order to provide security, developers ....
....are able to base access control decisions on any state information that is available through a system call interface, allowing them to also enforce policies that are time-based or sequence-based, such as two-man control. Wrappers are also suitable for implementing synthetic jail environments [9] in which process requests for sensitive resources are transparently remapped to alternative, less sensitive, resources. In addition to controlling operating system abstractions, wrappers are suitable for adding protocol-based access control to communication streams. By wrapping a COTS server, a ....
W. R. Cheswick. An evening with berferd, in which a cracker is lured, endured and studied. In Proceedings of the Winter USENIX Conference, 1992.
....a level of service while moving through different organizational domains. Security. The simplest method in a global environment makes every principal responsible for its own security. This is not a bad idea, as AT&T's experiences show that a server should not necessarily trust its portmapper [3, 13]. Similarly, it should not be up to a directory object to provide security for the client and server objects with which it conducts transactions. A potential security hole exists: if the client subsystem can respond with whatever information a server object requests, the end user could become ....
B. Cheswick. "An evening with Berferd, in which a cracker is lured, endured, and studied." Tech. Rep., AT&T Bell Laboratories. ftp://ftp.research.att.com/dist/internet_security/berferd.ps.
.... 1 Introduction Object-oriented communication has become popular in distributed systems [2, 23, 19]. With objects or without them, distributed systems typically rely on networks with no low-level support for security; the vulnerability of distributed systems is by now evident and worrisome [24, 4]. Therefore, a need exists for secure object-oriented communication. We describe the design and implementation of secure network objects. Secure network objects extend Modula-3 network objects [18, 2] with security guarantees. When a client invokes a method of a secure network object over the ....
W. Cheswick. An evening with Berferd, in which a hacker is lured, endured, and studied. In Proceedings of the Usenix Winter '92 Conference, 1992.
....We are certainly not the first ones to attempt to trick attackers [Sto88, Sto89, HM91]. But our motivation is somewhat different. We do not expect to prosecute, because (we hope) no damage will occur to our machines. This is not to say that the attackers do not try such things; see, for example, [Che92]. Nor, in general, do we care much about the identity of any particular attacker. Rather, we wish to study the attackers' strategies, tools, and techniques. Our goal is to learn what kinds of attacks are employed, both to warn others and to protect our own networks from internal crackers or from ....
....to grab a (phony) password file via ftp are detected by a grep job run via cron. We thus cannot engage in counterintelligence activity in response to such pokes. Nevertheless, they remain very useful. These monitors and a serious attack discovered via them are described more fully in [Che92]. We also discovered that our gateway machine was being used as a repository for (presumably stolen) PC software. Assorted individuals would store such programs under a directory named . T , where T represents the control T character; others would retrieve it at their leisure. We idly discussed ....
[Article contains additional citation context not shown here]
W.R. Cheswick. An evening with Berferd, in which a cracker is lured, endured, and studied. In Proc. Winter USENIX Conference, San Francisco, January 1992.
....ICMP messages to nominally local broadcast packets that have reached us from around the world. 1 Introduction For security reasons, AT&T's connection to the Internet is via a pair of application gateways [Che90]. To maintain the security of the gateways, we monitor them for attempted intrusions [Che92]. Recently, we have also started looking for more inventive penetration attempts [Bel92b]. We have indeed found such behavior. While looking, though, we noticed a surprising amount of other anomalous behavior, packets that do not appear to indicate an attempted break-in, but are worthy of attention ....
W.R. Cheswick. An evening with Berferd, in which a cracker is lured, endured, and studied. In Proc. Winter USENIX Conference, San Francisco, January 1992.
No context found.
W. R. Cheswick. An evening with Berferd, in which a cracker is lured, endured, and studied. In Proceedings of the Winter USENIX Conference. The USENIX Association, January 1992.
No context found.
W. R. Cheswick, "An Evening with Berferd, in which a Cracker is lured, endured, and studied," in Proceedings of the 1992.
No context found.
W.R. Cheswick, An evening with berferd, in which a cracker is lured, endured and studied, Winter USENIX Conference, 1992.
No context found.
W.R. Cheswick, An evening with berferd, in which a cracker is lured, endured and studied, Winter USENIX Conference, 1992.
No context found.
W.R. Cheswick, An evening with berferd, in which a cracker is lured, endured and studied, Winter USENIX Conference, 1992.
No context found.
W.R. Cheswick, An evening with berferd, in which a cracker is lured, endured and studied, Winter USENIX Conference, 1992.