Thanks for taking the time to review the template!
] An attacker can easily convince a client with access to the trusted view to
] perform queries on its behalf, in countless ways. He can send the trusted
I never claimed that this template would provide 100% security. This is
the Internet; it shall never be 100% secure. The goal of the template is
to mitigate or block the more obvious attack vectors, and provide an
increased degree of security.
While it is certainly possible to install trojans such as Sub7 (more
popular than BO) or BO on a host, that is an issue for a different template
and/or policy to address.
] So I am not quite sure what the trusted view protects against. Anyone can
It protects against the script kiddies, which are the bulk of the miscreants
we face. I spend a LOT of time lurking in the underground, and most of
them (most, NOT all) try only the easy or scripted hacks, then move on to
easier targets if the hacks fail.
Two men are camping in the woods. Suddenly, in the dead of night, a bear
rips through their tent. The first fellow takes off running. The second
fellow runs for a bit, then stops to put on his running shoes. The first
fellow says: "What are you doing?! You can't outrun the bear!" To which
the second fellow replies: "I don't have to outrun the bear; I just have
to outrun YOU."
This joke, told to me by Detective Bittenbinder of the CPD, still holds
true in many instances of probes, particularly when some miscreant is
attempting to build a botnet or DoSnet. It doesn't at all hold true if
the miscreant has targeted the site, of course.
] still get a malicious recursive query to the internal view if they really
] want to.
But why would a determined attacker do this? If they have sufficient clue,
they will simply "0wn" the system through the most recent [SSH|WU-FTP|etc.]
hack. I have yet to see the site that can withstand the attention of a
determined and clueful attacker.