[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OT: "Default Permit" and Challenge-response.

Subject: OT: "Default Permit" and Challenge-response.
From: Bret Alan <email@hidden>
Date: Fri, 30 Mar 2007 12:09:34 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden

All,

Just looking for some informed opinions.

Recently on this list, there was a conversation about Challenge-response, and the consensus seems to be that it's a pretty bad idea, or at least badly implemented:

http://lists.apple.com/archives/macos-x-server/2007/Feb/msg00641.html

Sounds reasonable. Also mentioned once on this list, is Marcus Ranum's list of "The Six Dumbest Ideas in Computer Security", #1 being "Default Permit":

http://www.ranum.com/security/computer_security/editorials/dumb/

This also sound reasonable to me. So my questions are:

1. Isn't Challenge-response a type of "Default Deny"? Isn't that a good thing, if perhaps badly implemented?

and

2. Not directly related to Macs, my school has an upcoming meeting with the makers of Savant Protection http://www.savantprotection.com/, which is anti-malware software that seems to use the "Default Deny" model. What do think of software like this, in general? Good idea or bad?

Again, just looking for some security-minded opinions. Thanks!

Bret
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Prev by Date: Re: Speaking of WWDC
Next by Date: smb process locking up server
Previous by thread: replacing a self-signed cert on 10.4.1
Next by thread: smb process locking up server
Index(es):
- Date
- Thread

Home