Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!accuvax.nwu.edu!delta.eecs.nwu.edu!phil
From: phil@delta.eecs.nwu.edu (William LeFebvre)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security (was "CERT Internet Security Advisory")
Message-ID: <1068@accuvax.nwu.edu>
Date: 18 Aug 89 20:49:34 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <35131@wlbr.IMSD.CONTEL.COM>
Sender: news@accuvax.nwu.edu
Reply-To: phil@delta.eecs.nwu.edu (William LeFebvre)
Organization: Northwestern U, Evanston IL, USA
Lines: 20

In article <35131@wlbr.IMSD.CONTEL.COM> sms@WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz) writes:
> How about inverting the meaning of ".netaccess"? By this I
> mean making it a list of hosts/addresses to be rejected.

I was thinking of having two files, along the lines of the new "cron": ".login.allow" and ".login.deny". There should probably also be a provision for a system-wide default, so that for example the sysadmin could set up all accounts to allow remote logins for "*.eecs.nwu.edu".

You really don't want just a list of "bad guys". In my thinking, anyone I can't explicitly name is suspect. Not because of the sysadmin or the users at that particular site (after all, they are just as susceptible to break-ins as I am), but more because it is easier and quicker for me to name those sites I want to log in from than those I never want to log in from.

William LeFebvre
Department of Electrical Engineering and Computer Science
Northwestern University
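
A sketch of the allow/deny check proposed in the post above, as an added example that is not part of the original post or of any existing login program. The file syntax (one shell-style pattern per line, '#' comments), the precedence between the lists, and the name login_permitted are all assumptions; file contents are passed in as strings, and the sample data is constructed.

```c
#include <ctype.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample file contents (not from the post). */
static const char SITE_ALLOW[] = "# site-wide default\n*.eecs.nwu.edu\n";
static const char USER_ALLOW[] = "home.example.org   # my workstation\n";
static const char USER_DENY[]  = "lab7.eecs.nwu.edu\n";

/* Lower-cased copy; refuses to truncate, as a cut pattern is a different pattern. */
static int lower(char *dst, size_t n, const char *src, size_t len)
{
    if (len >= n) return 0;
    for (size_t i = 0; i < len; i++) dst[i] = (char)tolower((unsigned char)src[i]);
    dst[len] = '\0';
    return 1;
}

/* 1 if host matches a line of list (shell-style pattern, '#' comment); NULL = no file. */
static int list_matches(const char *list, const char *host)
{
    char h[256], pat[256];
    if (!lower(h, sizeof h, host, strlen(host))) return 0;
    while (list && *list) {
        size_t len = strcspn(list, "\n");            /* whole line */
        const char *p = list + strspn(list, " \t");  /* skip indent */
        size_t use = strcspn(p, "#\n");              /* cut at comment */
        while (use > 0 && isspace((unsigned char)p[use - 1])) use--;
        if (use && lower(pat, sizeof pat, p, use) && !fnmatch(pat, h, 0)) return 1;
        list += len + (list[len] == '\n');
    }
    return 0;
}

/* Assumed precedence: deny rejects; else user allow or site default admits; else reject. */
int login_permitted(const char *host, const char *allow, const char *deny, const char *site)
{
    if (list_matches(deny, host)) return 0;
    return list_matches(allow, host) || list_matches(site, host);
}

int main(void)
{
    const char *hosts[] = { "delta.eecs.nwu.edu", "lab7.eecs.nwu.edu", "other.example.net" };
    for (int i = 0; i < 3; i++)
        printf("%s: %d\n", hosts[i],
               login_permitted(hosts[i], USER_ALLOW, USER_DENY, SITE_ALLOW));
    return 0;
}
```

Because fnmatch must match the whole name, a host such as eecs.nwu.edu.elsewhere.example does not satisfy "*.eecs.nwu.edu", and a host with no list at all is rejected.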