Date: Tue, 2 Jan 2001 15:59:09 -0600 (CST) From: "Jeffrey D. LaCoursiere" <jeff@jeff.net> To: freebsd-isp@FreeBSD.ORG Subject: FW: Prepaid Internet Service (fwd) Message-ID: <Pine.BSF.4.21.0101021553020.2323-100000@jeffdev.billmax.com>
Greetings - thought I would say a blurb or two about what was said below.

It is true that most of the BillMax processes run as root. This is only a security issue if the machine is accessible to the outside world, which generally it is not. Our recommended configuration is to place the BillMax server behind a firewall and use in-kernel packet filtering to further restrict access. The web interface should only be accessible to internal employees, who must authenticate before accessing. The shell prompt should only be accessible by your network and data admins, who are assumed to have such access on all of your servers. At this point you are well secured against all but your internal employees, who would have to come up with a crack against apache httpd (running as "nobody") or Merit radius (if radius is being used). The mysqld is configured not to allow network connects as shipped. I am unaware of any current cracks for these daemons, though it would not surprise me to learn of new ones.

I am certainly open to discuss security issues with regards to our product, but installed correctly I do not believe any exist.

Thanks,

Jeff LaCoursiere
President/CEO
BillMax ISP Billing Solutions
The iSpark Group, Inc.

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of JonMS2010@aol.com
Sent: Thursday, December 28, 2000 4:13 PM
To: muditha@seychelles.net
Cc: drew.weaver@thenap.com; khaled@w-arts.com; cshenton@outbounderinc.com; freebsd-isp@FreeBSD.ORG
Subject: Re: Prepaid Internet Service

Well, the BillMax process has to run as root. So, there is a security issue right there. Another issue is that it runs on the Internet, not on an intranet, even if it's password protected. Everything can be hacked/cracked/bruteforced, etc. if someone has the time, means and inclination to do something about it.

So, the best thing to do would probably be to talk to them and see if you can find a way to make it run as non-root (maybe nobody or something like that). Well, that's basically what I have to say about security in that respect. Also, there may be other security issues that I am not aware of because I haven't used BillMax in a while (more than a year).

-- Jonathan M. Slivko

--
Jonathan M. Slivko <JonMS2010@AOL.COM>
Homepage: http://members.aol.com/JonMS2010/
"FreeBSD: The Power To Serve!"
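The thread turns on one question: which root-owned daemons are actually reachable from beyond the box, and does mysqld really accept no network connections. The audit below is an added example (not from the thread, BillMax or FreeBSD) that checks exactly that posture against constructed lines in the layout of FreeBSD's `sockstat -4l`; the process name `billmaxd`, the port numbers and the addresses are made up for illustration.

```python
"""Flag privileged listeners exposed beyond the local host (added example).

Input is text in the column layout of FreeBSD `sockstat -4l`:
USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS (IPv4 only here).
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample output; "billmaxd" and all addresses/ports are invented.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     billmaxd   412   5  tcp4   *:8800                *:*
root     sshd       301   4  tcp4   *:22                  *:*
nobody   httpd      520   17 tcp4   10.0.0.5:80           *:*
mysql    mysqld     388   3  tcp4   127.0.0.1:3306        *:*
root     radiusd    455   6  udp4   10.0.0.5:1812         *:*
"""

@dataclass
class Listener:
    user: str
    command: str
    proto: str
    address: str   # bound host, "*" for the wildcard address
    port: int

def parse_sockstat(text):
    """Parse sockstat-style lines into Listener records (header skipped)."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 7:
            continue
        user, command, _pid, _fd, proto, local, _foreign = fields[:7]
        host, _, port = local.rpartition(":")
        listeners.append(Listener(user, command, proto, host, int(port)))
    return listeners

def is_local_only(address):
    """True only when bound to loopback; a wildcard bind is network-reachable."""
    return address != "*" and ip_address(address).is_loopback

def audit(listeners, allowed_root=("sshd",)):
    """Return findings for mysqld on the network and root daemons off loopback."""
    findings = []
    for l in listeners:
        if l.command == "mysqld" and not is_local_only(l.address):
            findings.append(f"mysqld accepts network connects on {l.address}:{l.port}")
        elif l.user == "root" and l.command not in allowed_root and not is_local_only(l.address):
            findings.append(f"root-owned {l.command} listens on {l.address}:{l.port} ({l.proto})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sockstat(SAMPLE_SOCKSTAT)):
        print(finding)
```

On a real host, feed it the output of `sockstat -4l` and extend `allowed_root` with the daemons the firewall is meant to expose; anything else it reports is a root process that the packet filter, not the process owner, is protecting.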