Questions about UNIX viruses

Chris Calabrese cjc at ulysses.att.com
Tue Apr 9 23:19:33 AEST 1991


In article <1991Apr8.062054.11868 at newross.Princeton.EDU> tr at samadams.princeton.edu (Tom Reingold) writes:
[ stuff about security by uunet.bria!mike deleted ...]
>
>You are right, but missed something.  Someone in the corporation may
>make the point, valid or not, that publicizing the existence of an
>easy-to-get-to machine or login makes it more vulnerable than a machine
>or login that is unknown.  Connecting well is a form of publicity.
>Once you're there, people notice.  Posting news makes you much more
>noticeable.

One way around this problem is to set aside a machine as a gateway.
This machine can run news, uucp, etc. to the outside world and lets in
network traffic from the rest of the site; however, the rest of the
site doesn't trust it at all.

That's what happens here.  I read and write news on my desk,
(workstation or X terminal connected to a server), and all the stuff
happens via nntp on our gateway machine.  I can rlogin into the gateway
machine, and I can rcp to and from it from my desk, but once I'm
logged into the gateway machine I can't rlogin out of it or rcp
to/from anywhere.

>I am facing this at my job (which is not at Princeton University).  The
>company I work for has a policy of (almost) no internet connections.
>Worse, it has a policy that we are not to have any non-company-owned
>software on our computers.  This means no software from Usenet.  I
>think the goal may be reasonable, but I think the means are not for two
>reasons: 1. the policy probably won't work, and 2. it restricts free
>exchange of ideas.  The latter, in my belief, affects productivity, so
>bottom-line-watchers ought to care about it too.

I would agree that this is a foolish policy.  I can understand their
security fears, but I believe that the free exchange of ideas is
extremely important in a scientific/engineering community.

As for the no non-company-owned software thing, I would say that this
is almost impossible to enforce in the real world.  The amount of
useful software that's available publicly is just too great (the MIT X
Windows distribution, GNU software, etc.).  Many vendors even ship some
of this stuff with their systems!

A more practical strategy on free software is to openly allow software
posted to the moderated net-news groups, and available on "official"
distributions (the MIT X distribution, the Columbia Kermit
distribution, etc).

After that, you can have a more restrictive policy on other forms of
free software (like stuff from alt.sources); however, even that should
allow that software to make its way onto the system after the source
has been reviewed by the local gurus (or has been accepted by the
net.community at large).

Most successful attacks on UNIX boxes that I know of have come in
straight through the front door.  Nothing so fancy as net software
that had secret password cracking stuff in assembler coded into the
error messages that got executed if the machine was a Sun.

Just look at the famous Internet Worm.  Everything it did relied on
bugs in the vendor supplied software, or on shortcomings in the way
people chose their passwords.

Name:			Christopher J. Calabrese
Brain loaned to:	AT&T Bell Laboratories, Murray Hill, NJ
att!ulysses!cjc		cjc at ulysses.att.com
Obligatory Quote:	``pher - gr. vb. to schlep.  phospher - to schlep light.  philosopher - to schlep thoughts.''
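The one-way trust arrangement the post describes (the site may reach the gateway, the gateway may run news and uucp to the outside, but nothing initiated on the gateway may reach back in) can be written down as a first-match policy and checked mechanically. The following is an added example, not code from the original post or from AT&T; the policy text format, the zone and service names, and the functions `parse_policy`, `decide`, `gateway_cannot_initiate` and `session` are all constructed for illustration.

```python
"""Constructed model of the untrusted-gateway policy from the post.

Three zones (site, gateway, outside), four services, and a first-match
rule list with a final default deny.  Nothing here talks to a network;
it only evaluates and audits the policy as written.
"""
import re
from dataclasses import dataclass

ZONES = ("site", "gateway", "outside")
SERVICES = ("rlogin", "rcp", "nntp", "uucp")

# Constructed policy text (hypothetical format, not a real tool's syntax).
# First matching line wins; the last line makes the policy default-deny.
POLICY = """\
# who may open which service to whom
allow site    -> gateway : rlogin rcp nntp
allow outside -> gateway : nntp uucp
allow gateway -> outside : nntp uucp
deny  gateway -> *       : *
deny  *       -> *       : *
"""

LINE = re.compile(r"^(allow|deny)\s+(\S+)\s*->\s*(\S+)\s*:\s*(.+)$")


@dataclass(frozen=True)
class Rule:
    action: str
    src: str
    dst: str
    services: frozenset


def parse_policy(text):
    """Parse the policy text into an ordered list of Rule objects."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"bad policy line: {raw!r}")
        action, src, dst, svcs = m.groups()
        rules.append(Rule(action, src, dst, frozenset(svcs.split())))
    return rules


def _matches(pattern, value):
    return pattern == "*" or pattern == value


def decide(rules, src, dst, service):
    """First-match evaluation; no match at all is treated as deny."""
    for r in rules:
        if (_matches(r.src, src) and _matches(r.dst, dst)
                and ("*" in r.services or service in r.services)):
            return r.action == "allow"
    return False


def gateway_cannot_initiate(rules, services=("rlogin", "rcp")):
    """Audit: the gateway must not be able to open rlogin/rcp to any zone,
    which is the property that keeps it untrusted by the rest of the site."""
    return all(not decide(rules, "gateway", dst, s)
               for dst in ZONES for s in services)


def session(rules, hops, start="site"):
    """Walk a user through (service, destination) hops.  rlogin moves the
    user to the destination; rcp does not.  Returns the zone the user ends
    in, or None at the first hop the policy refuses."""
    here = start
    for service, dst in hops:
        if not decide(rules, here, dst, service):
            return None
        if service == "rlogin":
            here = dst
    return here


if __name__ == "__main__":
    rules = parse_policy(POLICY)
    print("gateway isolated:", gateway_cannot_initiate(rules))
    print("site -> gateway -> site via rcp:",
          session(rules, [("rlogin", "gateway"), ("rcp", "site")]))
```

The audit function is the useful part: rather than trusting that the rule list reads correctly, it enumerates every destination and service the gateway could try and confirms each one is refused, so a later edit that accidentally opens a path back into the site is caught before it ships.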