Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.uoknor.edu!news.nodak.edu!netnews1.nwnet.net!news.u.washington.edu!uw-beaver!nntp.cs.ubc.ca!unixg.ubc.ca!van-bc!uniserve!usenet From: tom@uniserve.com (Tom Samplonius) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: IMPORTANT PPP SECURITY ISSUE Date: 6 Mar 1996 19:42:30 GMT Organization: UNIServe Online Lines: 43 Distribution: world Message-ID: <4hkpr6$dbc@atlas.uniserve.com> References: <4hkast$4u7@ns.hcsc.com> NNTP-Posting-Host: tapehost.uniserve.com Mime-Version: 1.0 Content-Type: Text/Plain; charset=US-ASCII X-Newsreader: WinVN 0.99.6 In article <4hkast$4u7@ns.hcsc.com>, angelo@tawny.ssd.csd.harris.com says... > >FreeBSD News Group: > >I wanted to point out some Security issues that you need to take into >consideration when connected to your ISP. > >ISSUES: >When you are connected to your ISP and you are using Dynamic or Static >IP addressing your system is seen to the outside world. For example, anyone >who can determine your IP address will have the capability of logging into >your machine. It will not matter what type of OS you are running. As long as >you are connected to the Internet your IP address is Public and hackers can >login into your system. > >COUNTER MEASURES: >To guard against hackers telneting or ftping into your machine and >compromising the security of you system do the following: > > 1. Make ABSOLUTELY certain that each user on your system has a pass word. > The password should NOT be easy to guess and should consist of upper, lower > case letters and numbers. > > 2. The root pass word MUST meet the requirements in 1. > > 3. Make your /etc/passwd file and any pass word encrypted file > read/write only by root. This defeats the purpose of /etc/passwd, and I believe pwd_mkdb will change it back to 0644 You might as well delete /etc/passwd altogether if you want to do this. > 4. Make sure users do not have su to root capabilities > >I hope this helps. I will welcome comments, suggestions and any other >security issues other users have found. > >Thanks, >Angel G. Ortiz >305-973-5022 > >