Bug 783588

Summary: value of security measures; no metric, no scope description
Product: Red Hat Enterprise Linux 6 Reporter: eric
Component: doc-Security_GuideAssignee: Bara Ancincova <bancinco>
Status: CLOSED NOTABUG QA Contact: Tomas Capek <tcapek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: budden, pkennedy, security-guide-list, zach
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 782916 Environment:
Last Closed: 2014-08-12 14:11:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 782916    
Bug Blocks:    

Description eric 2012-01-20 22:55:14 UTC 
+++ This bug was initially created as a clone of Bug #782916 +++

Description of problem:

The juncture between computer security and network security is inadequate -- too many seams which leaves too many man-in-middle attack opportunities.  

The most egregious omission in this (otherwise pretty good) document is treatment of SCOPE.  This probably belongs in the vicinity of 1.3.


Analysis first.  Map each of the security solutions you have in the guide onto the ISO Reference Model:

Layer 1/2 security measures (like WiFi security) protect frames.  The scope of the security is limited to a single segment.  No security beyond the router and no security within end systems.

Layer 3 security protected datagrams (VPNs do this, IPSec ....).  The scope is an enclave tunneled through an internetwork.  The protection cannot extend beyond the VPN boxes, so data is wholly unprotected within end systems (and LAN if the VPN box is associated with the last router).  

Layer 4/5 security includes SSL (aka TLS).  You have a how-to for securing an http server (good) but no admonitions regarding scope -- the security extends from the TCP socket in one end system to the TCP socket at the other end of the connection -- again no security inside the OS comes from SSL.

All of the above security measures protect infrastructure.  But they do not protect the data.

Layer 6/7 security measures protect the data.  Here the scope _can be_ truly end to end.  S/MIME is a good example (so is ssh and XML sign/crypt) where the data passes over the internet and through the OS in protected form.  Only in a fairly small space is the data unprotected.  In Evolution, for example, only the parts of the UA that deal with composing, reading, ... mail are places where the authenticity and confidentiality of the data is possible.  Most of the rest of the UA (including all the filing system deals with data that has been protected exactly the way it's been sent over the network.  In the case of Evolution (UAs differ in implementation) secured data is stored in the file system exactly the way it was transmitted.  


Recommendations:
 1) include a mapping similar to above so users have an idea what the scope of this or that security measure is.  
 2) emphasize those security measures that apply to applications (layer 6/7) as Fedora distribution evolves and matures.  (What got me here this morning is the continuing frustration getting Evolution to properly play ball with DoD CAC cards ... works, but doesn't 'just work').  



Version-Release number of selected component (if applicable):

Security Guide 16.3 (doesn't have a date)


How reproducible:

The above analysis doesn't invent anything; it only organizes and sorts.  Anyone can reproduce it.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 eric 2012-01-20 22:56:11 UTC 
Submitted this as the reported bug is in the RHEL 6 version as well.  I'll be working on a patch for both guides and will submit here when complete.
Comment 4 Bara Ancincova 2014-08-12 14:11:47 UTC 
As per the reporter, this bug is no longer relevant for the current state of the Security Guide.