[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Last Look" at the RADIUS Design Guidelines document
On 09-01-2010, at 07:47 , Alan DeKok wrote:
> Avi Lior wrote:
>> Sorry i have more to say......
>>
>> Section 2.1.4 makes the following assertion. Exchanging information as a complex type has potential for introducing more security vulnerabilities.
>
> It doesn't say that.
>
> It says:
>
> ... New data types require
> new code, which may introduce new bugs, and therefore new attack
> vectors.
>
> Emphasis on "new", not "complex".
Execuse me !!!! The whole section is titled Complex Attributes and Security ( I have pasted the text for you at the bottom. )
And also this sentence: "An extreme outcome of a vulnerability due to a new,
complex type " --- again what is this section about??????
But to align it with what you think it is about I have suggested new text.
I still think it is silly - it is saying that a new things are buggy and potentially have security issues.
But so is the use of a new attribute using an existing data type. But anyway if you insist on having some text about new data types then look at my changes.
Original text....
2.1.4. Complex Attributes and Security
The introduction of complex data types brings the potential for the
introduction of new security vulnerabilities. Experience shows that
the common data types have few security vulnerabilities, or else that
all known issues have been found and fixed. New data types require
new code, which may introduce new bugs, and therefore new attack
vectors.
RADIUS servers are highly valued targets, as they control network
access and interact with databases that store usernames and
passwords. An extreme outcome of a vulnerability due to a new,
complex type would be that an attacker is capable of taking complete
control over the RADIUS server.
The use of attributes representing opaque data does not reduce this
threat. The threat merely moves from the RADIUS server to the
application that consumes that opaque data.
The threat is particularly severe when the opaque data originates
from the user, and is not validated by the NAS. In those cases, the
RADIUS server is potentially exposed to attack by malware residing on
an unauthenticated host. Applications consuming opaque data that
reside on the RADIUS server SHOULD be properly isolated from the
RADIUS server, and SHOULD run with minimal privileges. Any potential
vulnerabilities in that application will then have minimal impact on
the security of the system as a whole.
New text..... AND MOVE THIS TO THE SECURITY SECTION....
2.1.4. New Data types and Security
The introduction of NEW data types brings the potential for the
introduction of new security vulnerabilities. Experience shows that
the existing data types have few security vulnerabilities, or else that
all known issues have been found and fixed. New data types require
new code, which may introduce new bugs, and therefore new attack
vectors.
RADIUS servers are highly valued targets, as they control network
access and interact with databases that store usernames and
passwords. An extreme outcome of a vulnerability due to a new attribute type would be that an attacker is capable of taking complete
control over the RADIUS server.
""" TAKE THE FOLLOWING TWO PARAGRAPHS OUT SINCE YOU ARE TALKING ABOUT RADIUS IN THIS DOCUMENT. """
The use of attributes representing opaque data does not reduce this
threat. The threat merely moves from the RADIUS server to the
application that consumes that opaque data.
The threat is particularly severe when the opaque data originates
from the user, and is not validated by the NAS. In those cases, the
RADIUS server is potentially exposed to attack by malware residing on
an unauthenticated host. Applications consuming opaque data that
reside on the RADIUS server SHOULD be properly isolated from the
RADIUS server, and SHOULD run with minimal privileges. Any potential
vulnerabilities in that application will then have minimal impact on
the security of the system as a whole.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>