Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!gatech!bloom-beacon!think!ames!hc!hi!cyrus
From: cyrus@hi.UUCP
Newsgroups: comp.unix.xenix,comp.sources.wanted,comp.unix.questions
Subject: Re: Ethernet watcheri (was: tty watcher)
Message-ID: <16434@hi.UUCP>
Date: Sun, 27-Sep-87 16:12:29 EDT
Article-I.D.: hi.16434
Posted: Sun Sep 27 16:12:29 1987
Date-Received: Sun, 27-Sep-87 23:43:22 EDT
References: <4263@ozdaltx.UUCP> <15136@hi.UUCP> <1903@ttrdc.UUCP> <2171@umn-cs.UUCP> <2182@umn-cs.UUCP>
Reply-To: cyrus@hi.UUCP (Tait Cyrus)
Organization: U. of New Mexico, Albuquerque
Lines: 42
Xref: utgpu comp.unix.xenix:742 comp.sources.wanted:2089 comp.unix.questions:3855

In article <2182@umn-cs.UUCP> tjacob@umn-cs.UUCP (Thomas Jacobson MSC) writes:
>
>	As to using an ethernet watcher to crack SU passwords, that
>can be avoided by using good unix practices of changing passwords,
>only allowing root logins on consoles, only allow root su on hardwired
>terminals, routinely checking for abnormal root usage or setuid programs.
>
>	Joseph Thomas

Hmm?  Well, only allowing root su on hardwired terminals is great if you
have hardwired terminals.  Here at UNM though, in the EECE department,
the ONLY hardwired terminals are the consoles.  Everything else is via
ethernet terminal servers.  It would be prohibitively inconvenient for
us to have to go to the console to do anything as root.

This in itself is not all that bad because, like you, only certain
people can add taps.  Our problem is that the number of PC's being put
on the network, by the administrative types who like the benefits of
fast communications, is increasing daily.  The number of PC's in labs
is also gaining popularity.  These will be the main problem and the
only way to solve this problem is to put PC's on their own ethernet
cable and then pass everything through a 'smart' gateway.

We do, as you mention, weekly 'find's looking for setuid programs and
comparing that list against a prepared list.  If a new setuid program
pops up, we will be notified (cron does it).

You also have to consider that "root"s are trusted people.  If I have
root on one machine, I can EASILY get root on any other machine by just
following .rhosts of root and other privileged users.

--
    @__________@    W. Tait Cyrus   (505) 277-0806
   /|         /|    University of New Mexico
  / |        / |    Dept of EECE - Hypercube Project
 @__|_______@  |    Albuquerque, New Mexico 87131
 |  |       |  |
 |  |  hc   |  |    e-mail:
 |  @.......|..@       cyrus@hc.dspo.gov or
 | /        | /        seismo!unmvax!hi!cyrus
 @/_________@/
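
The weekly setuid check described in the post, as an added example that
is not part of the original article: it lists setuid files with find,
compares them against a prepared baseline list, and prints anything new
so that cron mails it to the job's owner.  The function names, file
paths and cron schedule are assumptions.

```shell
#!/bin/sh
# Added example: setuid audit against a prepared baseline list.
# All names and paths below are hypothetical.
#
# Hypothetical crontab entry (weekly; cron mails any output to the owner):
#   0 4 * * 0  /usr/local/sbin/suid_audit.sh / /var/adm/suid.baseline
#
# Limitation: paths containing newlines are not handled by this line-based diff.

# list_setuid ROOT: print sorted paths of regular setuid files under ROOT.
# -xdev keeps find on one filesystem so network mounts are not walked.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | LC_ALL=C sort
}

# new_setuid ROOT BASELINE: print setuid files that exist now but are
# absent from BASELINE (one path per line).
new_setuid() {
    cur=$(mktemp) || return 2
    list_setuid "$1" > "$cur"
    # comm -13 keeps only lines unique to the second input (the current list).
    LC_ALL=C sort "$2" | LC_ALL=C comm -13 - "$cur"
    rm -f "$cur"
}

# suid_audit ROOT BASELINE: silent and status 0 when nothing is new;
# prints a report and returns 1 when an unlisted setuid file appears.
suid_audit() {
    new=$(new_setuid "$1" "$2")
    if [ -n "$new" ]; then
        printf 'NEW setuid files under %s:\n%s\n' "$1" "$new"
        return 1
    fi
    return 0
}

# Stand-alone use: suid_audit.sh ROOT BASELINE
if [ "$#" -eq 2 ]; then
    suid_audit "$1" "$2"
fi
```

Create the baseline once with list_setuid on a known-good system and keep
it where ordinary users cannot write to it.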