From: mgraffam@mhv.net
Date: Wed, 4 Feb 1998 00:00:52 -0500 (EST)
To: sporkl@dti.net
cc: fbsdqs
Subject: Re: Security
Sender: owner-freebsd-questions@FreeBSD.ORG

On Tue, 3 Feb 1998, Spike Gronim wrote:

> If I were to let other people have telnet access to my machine, what
> would be a prudent number of security precautions to take?

Hmm.. well, I do allow telnet access to my machine, not public access mind you, but several friends of mine do have accounts, most with root access. As such, I don't find it necessary to keep up on every exploit that comes along (I find out about them anyhow, but I am usually slow at patches). But keeping up on exploits is a must in a public-access situation.

Another good idea is to set up sshd (secure shell); while this won't secure telnetd, it will allow those users with an ssh client to access the system in a more secure way. I'd also set up OPIE, and set it so that either a password or an OPIE response is valid from anywhere; again, this way for users with an OPIE calculator, the system can be accessed in a secure way.

One other thing, make sure you set your printing and sound card attributes correctly.. there is nothing more annoying than something like this:

    tr '\0' '\f' < /dev/zero | lpr
    cat /usr/bin/* > /dev/audio

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Act only according to that maxim by which you can at the same time
will that it should become a universal law.." - Immanuel Kant "Metaphysics of Morals"
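
Added example, not part of the original message: a small shell audit for the device-permission point above, reporting device nodes that any local user can write to. The function names are hypothetical, and the device paths in the usage comment other than /dev/audio are assumptions to adjust for your system.

```sh
#!/bin/sh
# Added example: flag device nodes writable by every local user.
# Usage (paths other than /dev/audio are assumed examples):
#   sh devaudit.sh /dev/audio /dev/dsp /dev/lpt0

# Print the 10-character mode string (e.g. crw-rw-rw-) of a path.
# -L follows symlinks so a link to a device reports the device's mode.
mode_of() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

# Succeed when the "other" class has write permission on the path.
# Character 9 of the mode string is the other-write bit.
world_writable() {
    m=$(mode_of "$1")
    [ -n "$m" ] && [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# Print one line per world-writable path; return 1 if any were found.
# Paths that do not exist on this system are skipped silently.
audit_devices() {
    rc=0
    for dev in "$@"; do
        [ -e "$dev" ] || continue
        if world_writable "$dev"; then
            printf 'WORLD-WRITABLE %s %s\n' "$(mode_of "$dev")" "$dev"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_devices "$@"
fi
```

A non-zero exit status means at least one listed node should be restricted to a dedicated group before shell accounts are handed out.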