Date: Tue, 27 Feb 96 06:15:40 -0800 From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca> To: Brian Tao <taob@io.org> Cc: cschuber@orca.gov.bc.ca, FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org> Subject: Re: Informing users of cracked passwords? Message-ID: <199602271415.GAA07122@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Mon, 26 Feb 96 20:08:14 EST." <Pine.BSF.3.91.960226200547.28975D-100000@zip.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, 23 Feb 1996, Cy Schubert - BCSC Open Systems Group wrote:
> >
> > ALL EXCEPT rlogind rshd rexecd fingerd: ALL
> > rlogind rshd rexecd: .io.org
> >
> > These two lines restrict rlogin, rsh, and rexec to hosts within the io.org
> > domain while allowing connections to all other services from anywhere in th
e
> > world.
>
> Yes, that sounds like a good idea to me. I'm toying with the idea
> of disallowing rlogin and rsh connections from outside the io.org
> domain and forcing users to supply passwords through a telnet
> connection. Is there anything wrong with his idea? I know users will
> kick and scream about it, but I can't think of any reason other than
> security vs. convenience issues.
If a user trusts an account on another host and that host has been hacked, you
have to assume your host has been compromised as well. You cannot assume
otherwise because you have no evidence to the contrary. Once a hacker has an
account on a system you or your users trust, it's just a matter of time before
the hacker has root on your system.
> --
> Brian Tao (BT300, taob@io.org)
> Systems Administrator, Internex Online Inc.
> "Though this be madness, yet there is method in't"
>
>
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602271415.GAA07122>