Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!network!ucsd!rutgers!phri!roy
From: roy@phri.UUCP (Roy Smith)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security (was "CERT Internet Security Advisory")
Message-ID: <3942@phri.UUCP>
Date: 17 Aug 89 23:34:00 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu>
Reply-To: roy@phri.UUCP (Roy Smith)
Organization: Public Health Research Inst. (NY, NY)
Lines: 22

In <1064@accuvax.nwu.edu> phil@delta.eecs.nwu.edu (William LeFebvre) writes:
> When /bin/login knows it is processing a remote login, why can't it
> check the hostname against a list of "allowed" hosts?

	I can't find any problems with William's suggestion, but would add
one more idea.  Before allowing a shot at a username/password, require a
network access password.  The same thing could be done for dial-up access,
but this is less of a problem.  This password would be picked by the system
administrator (theoretically) ensuring that it wasn't an obvious one, like
lusers tend to pick.  This is not a new idea, but seems to be implemented
only in very security conscious sites; perhaps it should be the default way
vendors ship their systems.  Multiple failures to get the network access
password right should be logged in the system security log.

	Actually, I can find one problem with William's suggestion.  Just
like people tend to pick poor passwords, I suspect many people would put
"*" in their .netaccess files, effectively defeating the whole idea.
-- 
Roy Smith, Public Health Research Institute
455 First Avenue, New York, NY 10016
{att,philabs,cmcl2,rutgers,hombre}!phri!roy -or- roy@alanine.phri.nyu.edu
"The connector is the network"
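As an added illustration (not code from the original thread or from any vendor's /bin/login), the following Python sketch shows the two mechanisms discussed above side by side: William's per-user allowed-hosts check (here a hypothetical ".netaccess" file whose format, including the bare "*" wildcard Roy worries about, is assumed) and Roy's site-wide network access password with failure logging. Host names, the password, the file name and the failure threshold are constructed for the example.

```python
"""Added example, not from the original post: a .netaccess-style host
allowlist check plus a network-access password gate with failure logging.
The file format, the '*' wildcard semantics, the sample hosts and the
threshold are assumptions made for illustration."""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed sample of a per-user allowed-hosts file (hypothetical ~/.netaccess).
SAMPLE_NETACCESS = """\
# hosts from which remote logins to this account are accepted
alanine.phri.nyu.edu
accuvax.nwu.edu   # trailing comment
"""

# Constructed sample of the failure mode Roy describes: a bare "*" entry.
LAZY_NETACCESS = "*\n"


def parse_netaccess(text: str) -> List[str]:
    """Return the host entries of a .netaccess-style file, lowercased,
    with blank lines and '#' comments dropped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(line.lower())
    return entries


def wildcard_entries(entries: List[str]) -> List[str]:
    """Entries that admit every host and therefore defeat the allowlist;
    an administrator can audit user files for these."""
    return [e for e in entries if e == "*"]


def host_allowed(hostname: str, entries: List[str]) -> bool:
    """Exact, case-insensitive match against the allowlist; '*' admits any host."""
    h = hostname.strip().lower()
    return any(e == "*" or e == h for e in entries)


class NetworkAccessGate:
    """Site-wide network access password, checked before the username/password
    prompt. Failures are counted per remote host and written to a security log
    (an in-memory list here) once they reach the threshold."""

    def __init__(self, password: str, threshold: int = 3):
        self.salt = os.urandom(16)
        self.digest = self._hash(password, self.salt)
        self.threshold = threshold
        self.failures: Dict[str, int] = {}
        self.security_log: List[str] = []

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Store only a salted, stretched hash of the site password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def attempt(self, remote_host: str, candidate: str) -> bool:
        """Check one attempt; constant-time compare, per-host failure count."""
        ok = hmac.compare_digest(self._hash(candidate, self.salt), self.digest)
        if ok:
            self.failures.pop(remote_host, None)
            return True
        n = self.failures.get(remote_host, 0) + 1
        self.failures[remote_host] = n
        if n >= self.threshold:
            self.security_log.append(
                f"network access password: {n} failures from {remote_host}")
        return False


def remote_login_allowed(remote_host: str, netaccess_text: str,
                         gate: NetworkAccessGate, net_password: str) -> Tuple[bool, str]:
    """Apply both checks in the order a login program would: the site gate
    first, then the target user's allowlist. Reports when a '*' entry is what
    let the host through, so the weakness is visible in the log."""
    if not gate.attempt(remote_host, net_password):
        return False, "network access password rejected"
    entries = parse_netaccess(netaccess_text)
    if not host_allowed(remote_host, entries):
        return False, f"{remote_host} not in .netaccess"
    if wildcard_entries(entries):
        return True, "allowed via '*' wildcard (allowlist is ineffective)"
    return True, "allowed"
```

The `wildcard_entries` helper is the defender's answer to Roy's objection: rather than relying on users not to write "*", the site can periodically scan the allowlist files and flag the ones that admit everything.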