Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!deimos!uxc!uxc.cso.uiuc.edu!uxg.cso.uiuc.edu!uicsrd.csrd.uiuc.edu!kai
From: kai@uicsrd.csrd.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Re: /etc/failures
Message-ID: <43200056@uicsrd.csrd.uiuc.edu>
Date: 6 Dec 88 08:04:00 GMT
References: <407@uwslh.UUCP>
Lines: 40
Nf-ID: #R:uwslh.UUCP:407:uicsrd.csrd.uiuc.edu:43200056:000:1907
Nf-From: uicsrd.csrd.uiuc.edu!kai    Dec  6 02:04:00 1988

> /* Written by smb@ulysses.homer.nj.att.com */
>
>> kai@uicsrd.csrd.uiuc.edu writes:
>> 1) If a login of a single account name at a single terminal fails 3 times in
>>    a row within a short period of time, that account is temporarily disallowed
>>    from logging in on that terminal.
>> 2) If a login of a single account at multiple terminals fails 3 times in a
>>    row, the account is temporarily disallowed from logging in at any terminal.
>> 3) If logins of any accounts at a single terminal fail 6 times in a row,
>>    that terminal is temporarily disabled.
>
> What's a ``terminal'' to be disabled?
> ... folks are using some sort of port selector, front-end switch, Ethernet
> TAC, etc.  It's rare that any physical port can be associated with a
> login attempt.

Our work environment consists of multiple Encore Annex ethernet terminal
servers providing access to any host from any terminal in the building, so I
understand what you're saying.  I would consider all network connections from
a single network host, terminal server, or data switch as a single "terminal"
when disallowing logins.  Unfortunately, then someone could temporarily stop
all access from a data switch by purposefully incorrectly logging in multiple
times from multiple accounts.

Does anyone else have any better approach?

This demonstrates a significant advantage of the Annex terminal server over
all other terminal servers or data switches I've ever used: in a security
conscious environment they can be configured to require a valid
username/password be verified by a local "security server" host before access
to the terminal server command line is given, and to approve and log all
attempts at network connections.  With these features enabled, it's easy to
identify who is attempting a breakin.

Patrick Wolfe (pat@kai.com, kailand!pat)
System Manager, Kuck and Associates, Inc.
#include
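The three-rule lockout policy quoted above, together with the objection raised in this post (once a whole terminal server counts as one "terminal", anyone who fails six logins under six different names can shut it off for everybody behind it), simulated in Python. This is an added example, not code from the thread, from /etc/failures or from the Annex; the 60-second window for "in a row", the 5-minute lockout, and the account and terminal names are assumptions, since the post gives no numbers.

```python
"""Simulation of the three-rule login-failure lockout discussed in the thread.

Added example, not code from the original post.  Assumed parameters: a
60-second window for failures to count as "in a row" and a 5-minute lockout;
the thread gives neither number.
"""
from collections import deque


class LockoutPolicy:
    """Track failed logins per (account, terminal), per account and per terminal.

    Rule 1: 3 failures of one account on one terminal  -> lock that pair.
    Rule 2: 3 failures of one account on >1 terminal   -> lock the account everywhere.
    Rule 3: 6 failures of any accounts on one terminal -> disable the terminal.
    """

    def __init__(self, window=60, lockout=300):
        self.window = window    # seconds within which failures are "in a row" (assumed)
        self.lockout = lockout  # seconds a lockout lasts (assumed)
        self.fails = {"pair": {}, "account": {}, "terminal": {}}
        self.locked = {"pair": {}, "account": {}, "terminal": {}}

    def _push(self, scope, key, now, value):
        """Append a failure record and drop records older than the window."""
        q = self.fails[scope].setdefault(key, deque())
        q.append((now, value))
        while q and now - q[0][0] > self.window:
            q.popleft()
        return q

    def refused(self, now, account, terminal):
        """Scope that refuses this attempt before any password check, or None."""
        for scope, key in (("pair", (account, terminal)),
                           ("account", account),
                           ("terminal", terminal)):
            until = self.locked[scope].get(key)
            if until is not None and now < until:
                return scope
        return None

    def record_failure(self, now, account, terminal):
        """Record one failed login; return the scopes newly locked by it."""
        newly = []
        pair = self._push("pair", (account, terminal), now, None)
        if len(pair) >= 3:                                   # rule 1
            self.locked["pair"][(account, terminal)] = now + self.lockout
            newly.append("pair")
        acct = self._push("account", account, now, terminal)
        if len(acct) >= 3 and len({t for _, t in acct}) > 1:  # rule 2
            self.locked["account"][account] = now + self.lockout
            newly.append("account")
        term = self._push("terminal", terminal, now, account)
        if len(term) >= 6:                                   # rule 3
            self.locked["terminal"][terminal] = now + self.lockout
            newly.append("terminal")
        return newly

    def record_success(self, account, terminal):
        """A successful login breaks the "in a row" streak at every scope it touches."""
        self.fails["pair"].pop((account, terminal), None)
        self.fails["account"].pop(account, None)
        self.fails["terminal"].pop(terminal, None)


def demo_pair_lockout_expires():
    """Rule 1 on constructed events: three misses of 'kai' on tty01 lock only
    that pair, and the lock lapses once the lockout period has passed."""
    p = LockoutPolicy(window=60, lockout=300)
    for t in (0, 5, 10):
        p.record_failure(t, "kai", "tty01")
    return (p.refused(11, "kai", "tty01"),
            p.refused(11, "kai", "tty02"),
            p.refused(400, "kai", "tty01"))


def demo_account_lockout():
    """Rule 2: one account hammered from two terminals is locked everywhere."""
    p = LockoutPolicy()
    p.record_failure(0, "kai", "annex1")
    p.record_failure(10, "kai", "annex2")
    fired = p.record_failure(20, "kai", "annex1")
    return fired, p.refused(25, "kai", "annex3")


def demo_terminal_denial():
    """The objection in the post: with a whole terminal server counted as one
    terminal, six misses under six made-up names disable it for everyone on it,
    while a user coming in through another server is unaffected."""
    p = LockoutPolicy()
    fired = []
    for i, name in enumerate(["aa", "bb", "cc", "dd", "ee", "ff"]):
        fired = p.record_failure(i, name, "annex1")
    return fired, p.refused(10, "pat", "annex1"), p.refused(10, "pat", "annex2")


if __name__ == "__main__":
    print("rule 1:", demo_pair_lockout_expires())
    print("rule 2:", demo_account_lockout())
    print("rule 3 abused as denial of service:", demo_terminal_denial())
```

Rule 2 is read strictly as written ("at multiple terminals"): three misses of one account from a single terminal fire rule 1 only, so the account stays usable from elsewhere. The third demo is the denial-of-service case the post worries about; the logging the Annex security server provides would at least identify which port the six bogus names came from, but it does not by itself stop the lockout.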