From owner-freebsd-security  Tue Feb 27 06:16:01 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id GAA20736
          for security-outgoing; Tue, 27 Feb 1996 06:16:01 -0800 (PST)
Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id GAA20723
          for ; Tue, 27 Feb 1996 06:15:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
          by passer.osg.gov.bc.ca (8.7.4/8.6.10) with SMTP id GAA07122;
          Tue, 27 Feb 1996 06:15:40 -0800 (PST)
From: Cy Schubert - BCSC Open Systems Group
Message-Id: <199602271415.GAA07122@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: Host localhost [127.0.0.1] didn't use HELO protocol
Reply-to: cschuber@orca.gov.bc.ca
X-Mailer: DXmail
To: Brian Tao
cc: cschuber@orca.gov.bc.ca, FREEBSD-SECURITY-L
Subject: Re: Informing users of cracked passwords?
In-reply-to: Your message of "Mon, 26 Feb 96 20:08:14 EST."
Date: Tue, 27 Feb 96 06:15:40 -0800
X-Mts: smtp
Sender: owner-security@FreeBSD.org
Precedence: bulk

> On Fri, 23 Feb 1996, Cy Schubert - BCSC Open Systems Group wrote:
> >
> > ALL EXCEPT rlogind rshd rexecd fingerd: ALL
> > rlogind rshd rexecd: .io.org
> >
> > These two lines restrict rlogin, rsh, and rexec to hosts within the io.org
> > domain while allowing connections to all other services from anywhere in the
> > world.
>
>     Yes, that sounds like a good idea to me.  I'm toying with the idea
> of disallowing rlogin and rsh connections from outside the io.org
> domain and forcing users to supply passwords through a telnet
> connection.  Is there anything wrong with his idea?  I know users will
> kick and scream about it, but I can't think of any reason other than
> security vs. convenience issues.

If a user trusts an account on another host and that host has been hacked,
you have to assume your host has been compromised as well.  You cannot assume
otherwise because you have no evidence to the contrary.  Once a hacker has an
account on a system you or your users trust, it's just a matter of time before
the hacker has root on your system.

> --
> Brian Tao (BT300, taob@io.org)
> Systems Administrator, Internex Online Inc.
> "Though this be madness, yet there is method in't"
>
>

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."
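
The two hosts.allow lines quoted in the message above, run through a simplified model of the tcp_wrappers matching rules, as an added example that is not part of the original message. The hosts.deny catch-all and the client hostnames are assumptions; the message does not show them.

```python
# Simplified model of tcp_wrappers access control (see hosts_access(5)).
# Covers only what the two quoted rules use: ALL, EXCEPT, ".domain" suffixes.

HOSTS_ALLOW = [
    "ALL EXCEPT rlogind rshd rexecd fingerd: ALL",
    "rlogind rshd rexecd: .io.org",
]
# Assumption: hosts.deny is not shown in the message. Without a catch-all
# here, tcp_wrappers grants any request that no hosts.allow rule matched.
HOSTS_DENY = ["ALL: ALL"]


def item_matches(pattern, value):
    pattern, value = pattern.lower(), value.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):  # ".io.org" matches "shell.io.org"
        return value.endswith(pattern) and len(value) > len(pattern)
    return pattern == value


def list_matches(tokens, value):
    """Match 'a b EXCEPT c d': must match the left side and not the right."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], value)
                and not list_matches(tokens[i + 1:], value))
    return any(item_matches(t, value) for t in tokens)


def rule_matches(rule, daemon, client):
    daemons, clients = rule.split(":", 1)
    return (list_matches(daemons.split(), daemon)
            and list_matches(clients.split(), client))


def access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if any(rule_matches(r, daemon, client) for r in allow):
        return "allow"  # hosts.allow is consulted first
    if any(rule_matches(r, daemon, client) for r in deny):
        return "deny"
    return "allow"      # default when neither file matches


if __name__ == "__main__":
    # Constructed client names, for illustration only.
    for d, c in [("telnetd", "host.example.net"), ("rlogind", "shell.io.org"),
                 ("rshd", "host.example.net"), ("fingerd", "shell.io.org")]:
        print(f"{d:8} from {c:18} -> {access(d, c)}")
```

With an empty hosts.deny, the rshd request from outside io.org is granted, so the two allow lines only restrict the r-services when a deny rule backs them up.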