Unix network security (was "CERT Internet Security Advisory")
Marc Evans Ultrix Q/A
evans at testmax.ZK3.DEC.COM
Fri Aug 18 21:34:48 AEST 1989
> check the hostname against a list of "allowed" hosts?
Chances are that if I were smart enough to modify something like telnet to
trace lognames/passwords, it wouldn't be too hard for me to also know what
the hostnames are, that were communicating. I could also probably know the
internet address and maybe even the hardware address. Assuming that I can
get this information, then it probably isn't too hard for me to set up my
host to mimic the environment used by the authorized user(s).
I am not trying to say that the idea isn't a bad one. It would probably
make it more difficult for people to gain unauthorized access. What I am
saying is that you will probably never remove all possible access means
as long as machines are networked together, and people have access to
either the console or the super users account at some point in time.
==========================================================================
Marc Evans - WB1GRH - evans at decvax.DEC.COM | Synergytics (603)893-8481
Unix/X-window Software Contractor | 3 Koper Ln, Pelham, NH 03076
==========================================================================
More information about the Comp.unix.wizards
mailing list