Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Well, maybe the monks could think of a better route to take if I told more of the story. This could then be a long post and there will be discrepancies in what I tell you because I can't tell you everything.

Normally I would agree entirely with the point you just made.

My problem is:-

I have a program that loops once a second and provides command and control for a real world system - like a perl emulation of a plc. The real world system I am controlling has massive security significance for my client. It isn't exposed to wan access but it will never have very good physical security.

The main security risk I can see is the possibility of an attacker copying my program (stealing a hard drive or system unit wouldn't work) and running it on his computer to gain access via a hole in the wall. My program is a perlapp so trivial code inspection is unlikely. The situation is changing constantly and I only need to delay an attacker a few hours and his attack becomes pointless. Though he can steal the program and run on it on his computer I am hoping he is unlikely to clone my users. I want to authenticate my system users with every pass of my program loop and shred my perlapps if any of various conditions (user validation being one indicator that my program is running under an alien environment) are not met, thus causing the needed delay. Only one of my checks needs to fail and my program will commit suicide.
(security of some user passwords is not a consideration - I don't mind hard coding some of them in my perlapp)

The need for speed and low system overhead is due to the fact that my program may have to handle up to 50 requests with each pass and all the validity checks have to be done on every pass (if an attacker successfully runs a single pass then all could be lost). There will only ever be a handful of system users. All this is far from perfect and it isn't security but it's better than nothing.

I can probably thwart the unskilled with this sort of stuff and maybe delay the skilled long enough if I'm lucky. Anyway, physical security isn't really my responsibility - I'm just trying to help them out a bit.

In reply to Re^4: Authentication with /etc/shadow by fluffyvoidwarrior
in thread Authentication with /etc/shadow by fluffyvoidwarrior

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others examining the Monastery: (8)
    As of 2018-04-19 16:20 GMT
    Find Nodes?
      Voting Booth?