Unix network security (was "CERT Internet Security Advisory")
William LeFebvre
phil at delta.eecs.nwu.edu
Sat Aug 19 06:49:34 AEST 1989
In article <35131 at wlbr.IMSD.CONTEL.COM> sms at WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz) writes:
> How about inverting the meaning of ".netaccess"? By this i
> mean making it a list of hosts/addresses to be rejected.
I was thinking of having two files, along the lines of the new "cron":
".login.allow" and ".login.deny". There should probably also be a
provision for a system-wide default, so that for example the sysadmin
could set up all accounts to allow remote logins for "*.eecs.nwu.edu".
You realy don't want just a list of "bad guys". In my thinking,
anyone I can't explicitly name is suspect. Not because of the
sysadmin or the users at that particular site (after all, they are
just as susceptible to breakins as I am), but more because it is
easier and quicker for me to name those sites I want to log in from
than those I never want to log in from.
William LeFebvre
Department of Electrical Engineering and Computer Science
Northwestern University
<phil at eecs.nwu.edu>
More information about the Comp.unix.wizards
mailing list