Newsgroups: comp.unix.admin
Path: utzoo!utgpu!news-server.csri.toronto.edu!torsqnt!hybrid!scifi!watson!arnor!metzger
From: metzger@watson.ibm.com (Perry E. Metzger)
Subject: Re: Project Athena ( was Re: Non Destructive Version of rm)
Message-ID: <1991May13.220731.2415@watson.ibm.com>
Sender: news@watson.ibm.com (NNTP News Poster)
Nntp-Posting-Host: halley
Organization: IBM T.J. Watson Research Center
References: <12049@mentor.cc.purdue.edu> <1991May8.174603.26309@athena.mit.edu> <12067@mentor.cc.purdue.edu> <1991May9.001907.13024@athena.mit.edu> <12112@mentor.cc.purdue.edu> <13043@dog.ee.lbl.gov>
Distribution: na
Date: Mon, 13 May 1991 22:07:31 GMT

In article <13043@dog.ee.lbl.gov> torek@elf.ee.lbl.gov (Chris Torek) writes:
>The basic problem here is that the network itself is physically
>accessible as well, and such access can be nearly untraceable. Your
>average Ethernet or fiber optic cable can be `wiretapped' without too
>much difficulty and with little chance of detection. If this is done,
>sessions can be recorded and/or played back, and the `tapping' machine
>can stand in the stead of another, previously existing machine.

Not to contradict Chris, who knows a whole lot more than I can ever
hope to, but...

1) Fiber is hard to tap. Well, not that hard, but harder than cable.

and..

>The Athena security system provides a variable amount of defense
>against this sort of intrusion. If you wiretap and collect someone's
>tickets, you can use playback methods to gain access for the duration
>of the ticket.

2) You CAN'T record and play back tickets! The tickets are sent back
to the user via a secure channel (they are encrypted in the user's
password!), and even if you see an instance of a ticket whizzing by on
the network, you have only a couple of seconds to replay it as I
recall, PLUS it would probably not work anyway if the service is
keeping track of request IDs, or so I recall.

The REAL risk is someone breaks into your workstation and grabs your
tickets when they get stored on your local machine.

Perry
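
The two service-side checks the post mentions (a short freshness window and keeping track of request IDs already seen), sketched as an added example that is not part of the original post or Project Athena's code. The HMAC stands in for encryption under the session key, and the 5-second window, field names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

WINDOW = 5.0  # seconds; assumed value for illustration, not a Kerberos default


def make_authenticator(key: bytes, client: str, request_id: str, ts: float) -> dict:
    """Client side: bind client name, request id and timestamp under the session key."""
    body = f"{client}|{request_id}|{ts:.3f}".encode()
    return {"client": client, "id": request_id, "ts": ts,
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Service:
    """Service side: accept an authenticator only if authentic, fresh and unseen."""

    def __init__(self, key: bytes, window: float = WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # (client, request id) -> timestamp of accepted request

    def verify(self, auth: dict, now: float) -> str:
        expected = make_authenticator(self.key, auth["client"], auth["id"], auth["ts"])
        if not hmac.compare_digest(expected["mac"], auth["mac"]):
            return "bad-mac"
        if abs(now - auth["ts"]) > self.window:
            return "stale"
        # Entries older than the window would fail the freshness check anyway,
        # so the cache only has to remember the last `window` seconds.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= self.window}
        cache_key = (auth["client"], auth["id"])
        if cache_key in self.seen:
            return "replay"
        self.seen[cache_key] = auth["ts"]
        return "ok"


def demo() -> list:
    key = b"constructed-session-key"          # constructed sample value
    svc = Service(key)
    auth = make_authenticator(key, "alice", "req-1", ts=1000.0)
    tampered = dict(auth, id="req-2")          # fields changed without the key
    return [
        svc.verify(auth, now=1000.5),          # first use inside the window
        svc.verify(auth, now=1001.0),          # captured copy sent again
        svc.verify(auth, now=1010.0),          # captured copy sent after the window
        svc.verify(tampered, now=1000.5),      # modified copy
    ]
```

Neither check covers the last case in the post: a ticket and session key read from the workstation's local store let the holder build fresh authenticators that pass both.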