Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!deimos!uxc!uxc.cso.uiuc.edu!uxg.cso.uiuc.edu!uicsrd.csrd.uiuc.edu!kai
From: kai@uicsrd.csrd.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Re: /etc/failures
Message-ID: <43200056@uicsrd.csrd.uiuc.edu>
Date: 6 Dec 88 08:04:00 GMT
References: <407@uwslh.UUCP>
Lines: 40
Nf-ID: #R:uwslh.UUCP:407:uicsrd.csrd.uiuc.edu:43200056:000:1907
Nf-From: uicsrd.csrd.uiuc.edu!kai    Dec  6 02:04:00 1988


> /* Written by smb@ulysses.homer.nj.att.com */
>
>> kai@uicsrd.csrd.uiuc.edu writes:
>> 1)  If a login of a single account name at a single terminal fails 3 times in
>> a row within a short period of time, that account is temporarily disallowed
>> from logging in on that terminal.
>> 2)  If a login of a single account at multiple terminals fails 3 times in a
>> row, the account is temporarily disallowed from logging in at any terminal.
>> 3)  If logins of any accounts at a single terminal fails 6 times in a row,
>> that terminal is temporarily disabled.
>
> What's a ``terminal'' to be disabled?
> ... folks are using some sort of port selector, front-end switch, Ethernet
> TAC, etc.  It's rare that any physical port can be associated with a
> login attempt.

Our work environment consists of multiple Encore Annex ethernet terminal
servers providing access to any host from any terminal in the building, so I
understand what you're saying.

I would consider all network connections from a single network host, terminal
server, or data switch as a single "terminal" when disallowing logins.
Unfortunately, then someone could temporarily stop all access from a data
switch by purposefully incorrectly logging in multiple times from multiple
accounts.  Does anyone else have any better approach?

This demonstrates a significant advantage of the Annex terminal server over
all other terminal servers or data switches I've ever used, that in a
security conscious environment they can be configured to require a valid
username/password be verified by a local "security server" host before access
to the terminal server command line is given, and to approve and log all
attempts at network connections.  With these features enabled, it's easy to
identify who is attempting a breakin.


Patrick Wolfe  (pat@kai.com, kailand!pat)
System Manager, Kuck and Associates, Inc.

#include
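The three lockout rules quoted at the top of this post, together with the lockout-as-denial-of-service problem the post raises, can be made concrete with a small tracker. The code below is an added example, not code from the original post, from Kuck and Associates, or from the Annex terminal servers. It assumes a 300-second "short period", a 600-second lockout, and reads rule 2's "multiple terminals" as three consecutive failures spanning at least two distinct terminals; the attempts it feeds in are constructed, and "terminal" is whatever identifier the site decides to key on (a host, a terminal server, a data switch).

```python
from collections import defaultdict, deque

# Thresholds are the ones from the post; the window and lock duration are
# assumed values, since the post only says "short period" and "temporarily".
ACCT_TERM_LIMIT = 3   # rule 1: one account, one terminal
ACCT_LIMIT = 3        # rule 2: one account, more than one terminal
TERM_LIMIT = 6        # rule 3: any accounts, one terminal
WINDOW = 300          # assumed: failures count as "in a row" within 5 minutes
LOCK_SECONDS = 600    # assumed: a lock lasts 10 minutes


class FailureTracker:
    """Counts consecutive failed logins and imposes the three lockouts."""

    def __init__(self):
        self.runs = defaultdict(deque)   # key -> deque of (timestamp, terminal)
        self.locks = {}                  # key -> lock expiry timestamp

    @staticmethod
    def _keys(account, terminal):
        return [(("acct+term", account, terminal), ACCT_TERM_LIMIT),
                (("acct", account), ACCT_LIMIT),
                (("term", terminal), TERM_LIMIT)]

    def _locked(self, key, now):
        expiry = self.locks.get(key)
        if expiry is None:
            return False
        if now >= expiry:
            del self.locks[key]          # lock has expired
            return False
        return True

    def allowed(self, account, terminal, now):
        """True if no account, terminal or account/terminal lock applies."""
        return not any(self._locked(k, now) for k, _ in self._keys(account, terminal))

    def record(self, account, terminal, success, now):
        """Record one login attempt; return the list of lock keys it triggered."""
        fired = []
        for key, limit in self._keys(account, terminal):
            run = self.runs[key]
            if success:
                run.clear()              # "in a row": a success ends the run
                continue
            while run and now - run[0][0] > WINDOW:
                run.popleft()            # failures outside the window no longer count
            run.append((now, terminal))
            if len(run) < limit:
                continue
            # Rule 2 only applies when the failures span more than one terminal
            if key[0] == "acct" and len({t for _, t in run}) < 2:
                continue
            self.locks[key] = now + LOCK_SECONDS
            run.clear()
            fired.append(key)
        return fired


def demo():
    """Run three constructed scenarios and return what each one produced."""
    tracker = FailureTracker()
    result = {}
    # 1) alice mistypes her password three times on one terminal server (rule 1)
    for ts in (0, 10, 20):
        fired = tracker.record("alice", "annex1", False, ts)
    result["rule1"] = fired
    result["alice_annex1"] = tracker.allowed("alice", "annex1", 21)
    result["alice_annex2"] = tracker.allowed("alice", "annex2", 21)
    # 2) someone walks from terminal to terminal guessing bob's password (rule 2)
    for ts, term in ((30, "annex1"), (40, "annex2"), (50, "annex3")):
        fired = tracker.record("bob", term, False, ts)
    result["rule2"] = fired
    result["bob_anywhere"] = tracker.allowed("bob", "annex4", 51)
    # 3) the denial of service the post worries about: six failures under six
    #    different account names from one terminal server disable it (rule 3)
    for i, ts in enumerate(range(100, 106)):
        fired = tracker.record("nobody%d" % i, "annex9", False, ts)
    result["rule3"] = fired
    result["carol_annex9"] = tracker.allowed("carol", "annex9", 106)
    result["carol_after"] = tracker.allowed("carol", "annex9", 106 + LOCK_SECONDS)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The third scenario is the point of the post's objection: carol never failed a login, but because the whole terminal server counts as one "terminal", six deliberate failures by someone else lock her out until the timer expires. Rules 1 and 2 only ever lock the account whose name was actually used, so they do not have that problem.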