Path: utzoo!attcan!uunet!ginosko!husc6!bu-cs!bzs
From: bzs@bu-cs.BU.EDU (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security (was "CERT Internet Security Advisory")
Message-ID: <36813@bu-cs.BU.EDU>
Date: 20 Aug 89 18:27:51 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <4614@thor.acc.stolaf.edu> <1069@accuvax.nwu.edu>
Organization: Boston U. Comp. Sci.
Lines: 34
In-reply-to: phil@delta.eecs.nwu.edu's message of 18 Aug 89 20:58:41 GMT


Rather than a list of hosts you can log in from (that makes me
uncomfortable, except for root and other priv'd accounts) why not
extend the rlogin .rhosts idea to three levels: No Password, Normal
login, Paranoid login.

By Paranoid login I mean implementing one of these various ideas using
challenges or secondary passwords etc. At least it can be used to
throw some more obstacles in the way.

The problem, ultimately, is that the crackers generally get in via
trap-doors, either out and out bugs or subtleties no one had thought
of before. Including non-computer attacks (like looking through
printouts.)

In addition, whatever you do just challenges the cracker to try a
different solution. Only allowing me to log into your system from
certain sites challenges me to fool your computer into thinking that
I'm coming from one of those sites (which is usually not very hard to
guess if I know anything about the topology of your network or even
just scan mailing lists and/or newsgroups for lists of machines you
seem use, or just finger around, or send mail to yourname@various and
see if I get an error return.)

The security biz is subtle, you have to pick your trade-offs
carefully.

-- 
	-Barry Shein

Software Tool & Die, Purveyors to the Trade
1330 Beacon Street, Brookline, MA 02146, (617) 739-0202
Internet: bzs@skuld.std.com
UUCP:     encore!xylogics!skuld!bzs or uunet!skuld!bzs