Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/29/2015 | 11:12:17 AM
Re: Systems of systems
Great point. Nothing is bulletproof when it comes to advanced attackers. Interestingly, this is approach has the blessing of an intel agency. But then again, NSA got 0wned by Snowden.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/29/2015 | 11:08:03 AM
Re: De-elevation of Super User Access
Sorry if my first post didn't phrase as such but that was the point behind my statement. Permanent elevation is quite common and not a good security practice.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2015 | 11:05:43 AM
Systems of systems
I wonder how they would be securing systems of systems while they are having hard time to secure a single system. Noting is ever be perfect when it comes to security, all we are doing minimizing the risk.
SgS125
50%
50%
SgS125,
User Rank: Ninja
7/29/2015 | 11:04:42 AM
Re: Gee so it's just like a mainframe running RACF in 1984
yes, we had a guy that could look over your shoulder at your 3270 terminal , on the closed network, running proprietary protocols, encrypted with simple routines.  That guy could read your screen.

Other than that, the no wireless, no terminal that was not explicitly defined to the system approach worked quite well.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2015 | 11:03:16 AM
Re: Gee so it's just like a mainframe running RACF in 1984
I like the idea of having a dump terminal for the users and locking down everting else in the back end, however security is about balance of CIA: Confidentiality, Integrity and Availability 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2015 | 11:01:25 AM
Re: Gee so it's just like a mainframe running RACF in 1984
I hear you. At the same time there was always security vulnerabilities as you know.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2015 | 10:59:40 AM
Re: De-elevation of Super User Access
Main idea should be the fact that there is no super user. You get permission based on the need you have and that is given temporary.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2015 | 10:57:53 AM
Multilevel security
 

Multilevel security should be about multi-layer security. When individuals need to go to next level they get permission otherwise they could not proceed. This is one of the good approach when it comes best practices on secure network and system design.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/29/2015 | 10:40:47 AM
Re: Gee so it's just like a mainframe running RACF in 1984
Mainframe nostalgia, for sure. 
SgS125
50%
50%
SgS125,
User Rank: Ninja
7/29/2015 | 10:26:51 AM
Gee so it's just like a mainframe running RACF in 1984
Finally we are back to the days when the system has real security!
Page 1 / 2   >   >>


Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.