Xref: utzoo comp.dcom.lans:2136 comp.periphs:1407 comp.terminals:1015
Path: utzoo!attcan!uunet!mcvax!enea!maxim!prc
From: prc@maxim.ERBE.SE (Robert Claeson)
Newsgroups: comp.dcom.lans,comp.periphs,comp.terminals
Subject: Re: Terminal Servers?
Message-ID: <444@maxim.ERBE.SE>
Date: 22 Dec 88 08:36:43 GMT
References: <147@iquery.UUCP> <12380@cup.portal.com> <689@hscfvax.harvard.edu> <280@wubios.wustl.edu>
Organization: ERBE DATA AB
Lines: 31

In article <280@wubios.wustl.edu>, phil@wubios.wustl.edu (J. Philip Miller) writes:
> In article <442@maxim.ERBE.SE> prc@maxim.ERBE.SE (Robert Claeson) writes:

> >The Annex terminal servers will boot over the network from either a computer
> >or from another Annex.

> and what about the security implications when these devices reboot over the
> network?  What keeps some charlatan from providing an "improved" set of
> definitions which destroys any secuity constraints which you have carefully
> provided?  Forcing a device to reboot is frequently the easiest threat to
> execute.

Well... You can

- tell the box to boot from a specific server by default.

- set a password so you can't reconfigure it without knowing the
  password, neither from the network nor from the Annex.

- disable any commands you don't want someone to see.

- enable the ACP (Access Control Protocol).

- enable the logging facilities.

- etc, etc.
-- 
Robert Claeson, ERBE DATA AB, P.O. Box 77, S-175 22 Jarfalla, Sweden
"No problems." -- Alf
Tel: +46 758-202 50  EUnet:    rclaeson@ERBE.SE  uucp:   uunet!erbe.se!rclaeson
Fax: +46 758-197 20  Internet: rclaeson@ERBE.SE  BITNET: rclaeson@ERBE.SE