
Nilesh's Weblog


Trace 'em

October 6, 2002 10:58 PM


Systrace, as you know (if you are hard-core about OpenBSD and security), is a tool for sandboxing applications that run locally (as opposed to the Java sandbox, which runs a remote program locally). They now have a pretty GUI for Systrace. You can assign access parameters for a particular application. If the program asks for access to a new resource, the Systrace window pops up. You can deny or allow the request depending on whether that app needs the resource. Thus policies are redefined on the fly. It has basic host-based intrusion detection features and can alert over the network. A white paper on systrace.
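To make the per-application policy idea concrete, here is an added sketch (not code from this post or from the Systrace project) that evaluates a constructed policy for a name server against constructed system-call events. It handles only a subset of the policy-file syntax (unconditional rules plus `eq` and `match` filters); the `decide` helper and the "ask" result, standing in for the GUI prompt, are assumptions of this example.

```python
import re
from fnmatch import fnmatchcase

# Constructed policy in systrace's policy-file style (subset: eq / match filters).
POLICY = '''\
Policy: /usr/sbin/named, Emulation: native
    native-accept: permit
    native-bind: sockaddr match "inet-*:53" then permit
    native-fsread: filename eq "/etc/named.conf" then permit
    native-fsread: filename match "/var/named/*" then permit
    native-fswrite: filename match "/etc/*" then deny
'''

RULE = re.compile(r'^(?P<call>[\w-]+):\s*(?:(?P<arg>\w+)\s+(?P<op>eq|match)\s+'
                  r'"(?P<val>[^"]*)"\s+then\s+)?(?P<action>permit|deny)\b')

def parse_policy(text):
    """Return (program, rules); rules keep file order."""
    program, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Policy:"):
            program = line.split(":", 1)[1].split(",")[0].strip()
        elif (m := RULE.match(line)):
            rules.append(m.groupdict())
    return program, rules

def decide(rules, call, **args):
    """permit/deny from the first matching rule; 'ask' if nothing matches."""
    for r in rules:
        if r["call"] != call:
            continue
        if r["op"] is None:                       # unconditional rule
            return r["action"]
        value = args.get(r["arg"])
        if value is None:
            continue
        hit = value == r["val"] if r["op"] == "eq" else fnmatchcase(value, r["val"])
        if hit:
            return r["action"]
    return "ask"   # no rule covers this: prompt the user or raise an alert

PROGRAM, RULES = parse_policy(POLICY)
# Constructed events: two expected for a name server, two that are not.
EVENTS = [("native-fsread", {"filename": "/etc/named.conf"}),
          ("native-bind", {"sockaddr": "inet-[0.0.0.0]:53"}),
          ("native-fswrite", {"filename": "/etc/passwd"}),
          ("native-fsread", {"filename": "/etc/master.passwd"})]

if __name__ == "__main__":
    for call, args in EVENTS:
        print(PROGRAM, call, args, "->", decide(RULES, call, **args))
```

On a server, the "ask" outcomes are the interesting ones: a service touching a resource its policy never mentions is the signal worth alerting on.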



Comments

2 comments have been added.

1. Codey said...

Proof of concept why it might not succeed... look at the number of gator installs.... :)

You cannot make do for dumb users.....

on Oct 8, 10:55 PM


2. Nilesh said...

Ya, true but OpenBSD is not for dumb users. At least as of now. I would say this tool is useful more on servers; for sandboxing services like HTTP, SMTP and DNS. These services require little access to the core system files. If they try to access anything else, one can be sure that the machine has been compromised. You can then take the necessary action. You get various commercial host-based IDSes. Systrace is an open-source answer to those and much more.

on Oct 9, 08:22 AM



© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)