Posted
06 October 2002 @ 10 PM

Tagged
security

2 Comments

Trace 'em

Systrace, as you know(if you are hard core about OpenBSD and security) is a tool for sandboxing local applications running locally( as opposed to the java sandbox, which runs a remote program locally). They now have a pretty GUI to Systrace. You can assign access parameters for a purticular application. If the program is asking access to a new resource, the Systrace window pops up. You can deny / allow depending on whether that app needs the resource. Thus policies are redefined on the fly. It has basic host based intrusion detection features and can alert over the network. A white paper on systrace.

2 Comments (closed)

Posted by
Codey

08 October 2002 @ 10 PM

Proof of concept why it might not succeed... look at the number of gator installs.... :) You cannot make do for dumb users.....

Posted by
Nilesh

09 October 2002 @ 8 AM

Ya, true but OpenBSD is not for dumb users. Atleast as of now. I would say this tool is useful more on servers; for sandboxing services like HTTP, SMTP and DNS. These services require little access to the core system files. If they try to access anything else, one can be sure that the machine has been compromised. You can then take the necessary action. You get various commercial host-based IDSes. Systrace is an open-source answer to those and much more.