On Tue, November 28, 2017 9:21 am, Lamar Owen wrote:
> On 11/27/2017 02:02 PM, m.roth at 5-cent.us wrote:
>> Pete Biggs wrote:
>>> - don't run ssh on 22, use a different port.
>> I consider that pointless security-through-obscurity.
> Security through obscurity it may be, but it isn't pointless. Tarpits
> are in a similar class; they don't help with security in the absolute
> sense, but they slow the attacker down, and that might be enough to
> prevent the attack from continuing. (that is, put a tarpit on port 22
> and run the real ssh elsewhere!) Any and all stumbling blocks you can
> put in the attacker's way, whether they're 'real' security or not, are
> worth at least looking at and evaluating their usefulness. Port
> knocking is an extreme form of security through obscurity, in reality,
> and falls into this class of tools. Likewise fail2ban; all it really
> does is slow down the attacker.
>
> No, obscurity-increasing tools will not stop the determined attacker,
> but, it is very true that these sorts of measures can and do increase
> the signal-to-noise ratio in your logs; what does get logged will
> likely be much more useful and indicative of a more determined
> attacker. Anything that substantially increases the log's signal to
> noise is useful and not pointless, in my opinion. Anything that slows
> down the attack is even more useful.
>
> I actually have training as a locksmith, with a specialty in
> masterkeying systems like rotating-constant and some obscure variations
> of RCM (this is one of the two masterkey systems explored in the
> infamous (in locksmith circles) paper "Cryptology and Physical
> Security: Rights Amplification in Master-Keyed Mechanical Locks" by
> Matt Blaze [1] [2]).
>
> In physical security all security is, in reality, through obscurity [3]
> (page 2, first paragraph): things like keeping the drill points secret
> (example: in a pin-tumbler lock, if you can drill the shear line, you
> are in; but what if you have extra pins and hidden shear lines?),
> keeping secret what materials are used for the hardplate and their
> interactions with commonly-available drill-bit materials [4], having a
> strategically placed and hidden tear gas vial [5], etc (all of this
> information is publicly available; I'm not spilling any real locksmith
> secrets here).
>
> The real key to effective physical security is not keeping the attacker
> out in an absolute, 'can't possibly break in' sense, but buying time
> for response to the attack; as the attack continues to eat time, the
> attacker will have increasing incentive to leave the premises.
>
> Now, if you want a real eye-opener about physical security, grab a copy
> of "OPEN IN THIRTY SECONDS" from Amazon [6]. That and the key
> reference, Marc Weber Tobias' LSS (Locks, Safes, and Security [7]) are
> fascinating (if expensive) reading and great resources for the sysadmin
> who wants to dig into what is really meant by a security mindset.
>
> [1]: http://www.crypto.com/papers/mk.pdf
> [2]: http://www.crypto.com/masterkey.html
> [3]: http://www.crypto.com/papers/safelocks.pdf
> [4]: https://reassembler.wordpress.com/2008/02/04/drilling-into-a-modern-safe/
> [5]: http://www.lockpicking101.com/viewtopic.php?f=8&t=16891
> [6]: https://www.amazon.com/OPEN-THIRTY-SECONDS-Cracking-America/dp/0975947923
> [7]: https://www.amazon.com/Locks-Safes-Security-International-Reference/dp/0398070792

Thanks, Lamar! That is very instructive. Physical security [of the machine] was the first point in the security list, which we often fail to mention. I like the [physical] lock intro you gave. I was always unimpressed with the persistence of attempts to make more secure (less pickable) cylinder cased locks (precision, multi-level, pins at weird locations/angles). Whereas there exists a "disk based design" (should I say Abloy?), which with my knowledge of mechanics I cannot figure out a way to pick. So I consider them un-pickable. Why aren't they widely used [in the US]? Because there may be a reason for the powers that be to have locks everywhere pickable. On the other hand, I do not have Abloy locks, as they do keep records that link my particular lock to the key that opens it. So, there is a viable vector of attack ;-)

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
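The fail2ban-style thresholding Lamar mentions, as an added example that is not part of this thread: a small detection pass over constructed OpenSSH auth-log lines that flags a source once it reaches a number of failed logins inside a sliding time window (the sample lines, host name and addresses are constructed for illustration).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth-log lines in OpenSSH/syslog format (not taken from the thread).
SAMPLE_LOG = """\
Nov 28 09:21:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Nov 28 09:21:03 host sshd[1203]: Failed password for root from 203.0.113.9 port 51130 ssh2
Nov 28 09:21:04 host sshd[1205]: Failed password for invalid user test from 203.0.113.9 port 51140 ssh2
Nov 28 09:21:07 host sshd[1207]: Accepted publickey for valeri from 198.51.100.4 port 40022 ssh2
Nov 28 09:21:09 host sshd[1209]: Failed password for invalid user oracle from 203.0.113.9 port 51151 ssh2
Nov 28 09:40:30 host sshd[1301]: Failed password for valeri from 198.51.100.4 port 40110 ssh2
"""

# Matches the standard "Failed password" line; the port logged is the client's ephemeral source port.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+ ssh2$"
)


def parse_failures(text, year=2017):
    """Yield (timestamp, source_ip) for every failed-password line; syslog omits the year, so it is supplied."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)


def offenders(text, maxretry=3, findtime_s=600):
    """fail2ban-style sliding window: a source is flagged when it reaches
    maxretry failures within any findtime_s-second span. Returns {ip: time_flagged}."""
    windows = defaultdict(deque)
    flagged = {}
    for ts, ip in parse_failures(text):
        q = windows[ip]
        q.append(ts)
        # Drop failures that have aged out of the window relative to the newest one.
        while (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()
        if len(q) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached threshold at {when:%H:%M:%S}")
```

Note that the single failure from 198.51.100.4 never trips the default threshold, which is exactly the signal-to-noise point above: once the bulk scanners are filtered out, the remaining entries are the ones worth reading.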
On Tue, Nov 28, 2017 at 11:04:14AM -0600, Valeri Galtsev wrote:
> On Tue, November 28, 2017 9:21 am, Lamar Owen wrote:
> > On 11/27/2017 02:02 PM, m.roth at 5-cent.us wrote:
> >> Pete Biggs wrote:
> >>> - don't run ssh on 22, use a different port.
> >> I consider that pointless security-through-obscurity.
> > Security through obscurity it may be, but it isn't pointless. Tarpits
> > are in a similar class; they don't help with security in the absolute
> > sense, but they slow the attacker down, and that might be enough to
> > prevent the attack from continuing.

There's the old saying to the effect that if you're a gazelle being chased by a lion, you don't have to be the fastest in the herd, just faster than the one running next to you. ;)

--
Scott Robbins
PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
On 11/28/2017 12:04 PM, Valeri Galtsev wrote:
> Thanks, Lamar! that is very instructive.
You're welcome.

> I was always unimpressed with
> persistence of attempts to make more secure (less pickable) cylinder cased
> locks (precision, multi-level, pins at a weird locations/angles).
The best way to make an unpickable lock is to make the tolerances of the pins and the cylinder bore as tight as possible, since picking relies on part tolerances to work. But several sidebar designs are out there that are pretty hard to pick, including Schlage Primus, the various Medeco styles, and others, such as the Kaba dimple locks used on Cisco Metro 1500 DWDM gear for power switches (the lasers are powerful enough to permanently damage your eyes in short order in those).

> Whereas
> there exists "disk based design" (should I say Abloy?), ...
I had an old Bell System payphone with Abloy locks. Very difficult to bypass or pick, and requiring very different techniques than are used with pin-tumbler locks. There were two locks: one on the coin door (activated four large rectangular bolts, one on each side, with the only common point that could be successfully drilled being the lock cylinder itself), and one on the door to the circuitry (which included the programming port to set the per-call rate for use with a standard subscriber line, instead of the dedicated pay lines, as well as the coin-counter electronics). They were used on many payphones twenty years ago or so.
Lamar Owen wrote:
> On 11/28/2017 12:04 PM, Valeri Galtsev wrote:
>> Thanks, Lamar! that is very instructive.
> You're welcome.
>
>> I was always unimpressed with
>> persistence of attempts to make more secure (less pickable) cylinder
>> cased
>> locks (precision, multi-level, pins at a weird locations/angles).
>
> The best way to make an unpickable lock is to make the tolerances of the
> pins and the cylinder bore as tight as possible, since picking relies on
> part tolerances to work. But several sidebar designs are out there that
> are pretty hard to pick, including Schlage Primus, the various Medeco
> styles, and others, such as the Kaba dimple locks used on Cisco Metro
> 1500 DWDM gear for power switches (the lasers are powerful enough to
> permanently damage your eyes in short order in those).
<snip>
Whenever I get a CAT scan, I point out to the techs that half the warning label is missing: all I see is "Do not stare into laser", and not the rest that reads "with remaining eye".

Don't mind me: I just spent *far* too long doing my "mid-year performance checkin" for my employer, in Workday (the sooner that dies, the better), and it was designed by idiots, and is not suitable for what 90% of the company does.... And I'm *really* aggravated.

mark
On 11/28/2017 11:04 AM, Valeri Galtsev wrote:
> I was always unimpressed with
> persistence of attempts to make more secure (less pickable) cylinder cased
> locks (precision, multi-level, pins at a weird locations/angles). Whereas
> there exists "disk based design" (should I say Abloy?), which with my
> knowledge of mechanics I can not figure the way to pick. So I consider
> them un-pickable. Why aren't they widely used [in US]? Because there may
> be the reason for powers there be to have locks everywhere pickable. On
> the other hand, I do not have Abloy locks, as they do keep records that
> link my particular lock to key that opens it. So, there is viable vector
> of attack ;-)

A quick YouTube search for "abloy lock picking" might change your opinion. It takes a special tool, but those are available and not all that hard to make.

--
Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.