Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!CS.UCL.AC.UK!jon
From: jon@CS.UCL.AC.UK (Jon Crowcroft)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: RFC on Internet "Virus", Please
Message-ID: <8811061819.AA05468@ucbvax.Berkeley.EDU>
Date: 6 Nov 88 15:18:08 GMT
References: <8811042052.AA00423@bel.isi.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 35

Some years ago, we were worried about the security of our mail relay machines, and we set a standard task to all local hackers to try (but with warning) to break the system. Each time a hole was found, we fixed it and also tried to appreciate the general lesson too.

General lesson 1 is that you don't allow someone to pull data from a machine over the net without password authentication in any way (e.g. pulling mail, fingerd, rwhod etc. are all disabled).

General lesson 2 (more obvious) is that you don't let anyone even execute any program on a machine over the net without password authentication, the only exception being the implicit execution of the login program, so there is only one point of entry into execution of arbitrary code, and therefore only one point to audit...

This still leaves you open to one problem - denial of service if someone sends data into your system and simply clogs up the disk - this can be limited to the denial of mail service, and can be kept to a minimum by not talking to machines you haven't heard of (e.g. don't know a name for...)

The facility for executing a program on the body of a message is still allowed in our system, but which program (and on which messages) is specified by recipient only, and not as part of the message - so we could have problems if recipients are careless - but we can monitor that.

Having said all this, we are bound to lose, but then we'll learn some more!

Maybe there should be an Internet target practice machine

jon
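
An added example, not part of the original post or of the system it describes: a delivery routine that applies the recipient-only rule from the post, choosing the program to run on a message body from a per-recipient table and treating everything in the message as data. The rule table, the handler name `archive`, and the `X-Run-Program` header are hypothetical.

```python
import email

# Fixed set of handlers installed by the administrator (hypothetical).
def _archive(body: str) -> str:
    return f"archived {len(body)} bytes"

HANDLERS = {"archive": _archive}

# Hypothetical per-recipient rules, owned by the recipient and stored on the
# mail host. Each rule is (predicate on the message, handler name).
# Nothing in this table is ever taken from incoming mail.
RECIPIENT_RULES = {
    "alice": [(lambda m: m.get("Subject", "").startswith("[build]"), "archive")],
    "bob": [],
}

def deliver(raw: str, recipient: str) -> dict:
    """Deliver one message; run a program on its body only if the
    recipient's own rules select one."""
    msg = email.message_from_string(raw)
    result = {"recipient": recipient, "ran": None, "output": None,
              "ignored_request": None}
    # A sender-supplied request to run something is recorded so it can be
    # monitored, and is never obeyed.
    requested = msg.get("X-Run-Program")
    if requested is not None:
        result["ignored_request"] = requested
    for predicate, handler_name in RECIPIENT_RULES.get(recipient, []):
        handler = HANDLERS.get(handler_name)
        if handler is None:
            continue  # recipient named a handler that is not installed
        if predicate(msg):
            result["ran"] = handler_name
            result["output"] = handler(msg.get_payload())
            break
    return result

# Constructed sample messages.
SAMPLE_BUILD = "From: ci@example.org\nSubject: [build] nightly\n\nbuild log\n"
SAMPLE_REQUEST = ("From: x@example.org\nSubject: hi\n"
                  "X-Run-Program: /usr/local/bin/anything\n\nhello\n")

if __name__ == "__main__":
    print(deliver(SAMPLE_BUILD, "alice"))
    print(deliver(SAMPLE_REQUEST, "alice"))
```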