Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!dayton!umn-cs!tjacob From: tjacob@umn-cs.UUCP (Thomas Jacobson MSC) Newsgroups: comp.unix.xenix,comp.sources.wanted,comp.unix.questions Subject: Re: Ethernet watcheri (was: tty watcher) Message-ID: <2182@umn-cs.UUCP> Date: Thu, 24-Sep-87 15:50:50 EDT Article-I.D.: umn-cs.2182 Posted: Thu Sep 24 15:50:50 1987 Date-Received: Sun, 27-Sep-87 10:47:43 EDT References: <4263@ozdaltx.UUCP> <15136@hi.UUCP> <1903@ttrdc.UUCP> <2171@umn-cs.UUCP> Organization: University of Minnesota, Minneapolis Lines: 38 Summary: Clarification Xref: mnetor comp.unix.xenix:842 comp.sources.wanted:2402 comp.unix.questions:4278 Humm - seems I may have implied things in my last article which I didn't intend to. 1) Security is not just a problem here ot the U, but the same techniques can be applied to any network. 2) Just because it's possible to do something, doesn't mean it can be done. More on point two. There are several ways of preventing eavesdropping on your ethernet as described before. Here, we use several means. One is that our cable is physically secure. i.e. no one outside a trusted group of people can place taps on the network. Connections to outside networks are filtered. Sensitive information is placed on physically seperate cables from main production network. etc, etc, etc... Other ways of stopping intrusion are to diable forwarding and/or redirects, TDR the line at random times to detect new taps, use encryption and so on. As to using an ethernet watcher to crack SU passwords, that can be avoided by using good unix practices of changing passwords, only allowing root logins on consoles, only allow root su on hardwired terminals, routinely checking for abnormal root usage or setuid programs. I'm sure others have addressed these issue too. How about some input as to how others have done this ?? ( ie made networks/systems secure from prying eyes... ) Joseph Thomas arpa: jpt@uc.msc.umn.edu ---------------------------------------------------------------------------- Disclaimer: The above did not/does not/will not necessarily reflect the opinions of the attached name or his employer, but may or maynot be those of a minion. ----------------------------------------------------------------------------