*BSD News Article 56237


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!yarrina.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!newsfeed.internetmci.com!btnet!demon!pencotts.demon.co.uk
From: Andrew Gordon <andrew.gordon@net-tel.co.uk>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Internet Gateway Security
Date: Thu, 30 Nov 1995 15:43:39 GMT
Lines: 24
Message-ID: <817746219.4550@pencotts.demon.co.uk>
References: <4928bq$8o3@news2.ios.com> <493pu7$7gs@atlas.uniserve.com> <49i19b$m84@buffnet2.buffnet.net> <49k5nd$4uc@gryphon.phoenix.net>
NNTP-Posting-Host: pencotts.demon.co.uk
X-NNTP-Posting-Host: pencotts.demon.co.uk
X-Mailer: Mozilla 1.1N (X11; I; BSD/386 uname failed)
MIME-Version: 1.0
X-URL: news:49k5nd$4uc@gryphon.phoenix.net
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

pflores@phoenix.net (Paul Flores) wrote:
>: I dissagree - if any machine on your lan runs BOTH IPX and tcp/ip the 
>: cracker would need only crack that machine, and then use it to crack 
>: other ipx/novell boxes.
>
>Hmmm, as long as FTPs into your machines are denied(Something your router 
>should be able to do), there 
>isn't a WHOLE lot one can do to a PC running windows, OS/2 or a MAC. :>
>

This used to be a fair assumption, but in recent years has become much more
dangerous.  Unless you have VERY strong control over what your users install on
their PCs, you should really assume that they are as vulnerable as Unix
machines.  For example:

- OS/2 supports telnet access
- All of the above can have FTP servers installed by the user very easily.
  Possibly even on non-standard ports that you forgot to block at the router..
- Windows4WG has SMB file sharing.  If someone installs the Microsoft TCP,
  and exports some drives, this can potentially exposs the contents of all
  your hard drives to the outside world...
- NFS server capability can similarly be installed.