*BSD News Article 62806


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.uoknor.edu!news.nodak.edu!netnews1.nwnet.net!news.u.washington.edu!uw-beaver!nntp.cs.ubc.ca!unixg.ubc.ca!van-bc!uniserve!usenet
From: tom@uniserve.com (Tom Samplonius)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IMPORTANT PPP SECURITY ISSUE
Date: 6 Mar 1996 19:42:30 GMT
Organization: UNIServe Online
Lines: 43
Distribution: world
Message-ID: <4hkpr6$dbc@atlas.uniserve.com>
References: <4hkast$4u7@ns.hcsc.com>
NNTP-Posting-Host: tapehost.uniserve.com
Mime-Version: 1.0
Content-Type: Text/Plain; charset=US-ASCII
X-Newsreader: WinVN 0.99.6

In article <4hkast$4u7@ns.hcsc.com>, angelo@tawny.ssd.csd.harris.com says...
>
>FreeBSD News Group:
>
>I wanted to point out some Security issues that you need to take into
>consideration when connected to your ISP.  
>
>ISSUES:
>When you are connected to your ISP and you are using Dynamic or Static 
>IP addressing your system is seen to the outside world.  For example, anyone
>who can determine your IP address will have the capability of logging into 
>your machine.  It will not matter what type of OS you are running.  As long as
>you are connected to the Internet your IP address is Public and hackers can 
>login into your system.
>
>COUNTER MEASURES:
>To guard against hackers telneting or ftping into your machine and 
>compromising the security of you system do the following:
>
> 1. Make ABSOLUTELY certain that each user on your system has a pass word.
>    The password should NOT be easy to guess and should consist of upper, lower
>    case letters and numbers. 
>
> 2. The root pass word MUST meet the requirements in 1.
>
> 3. Make your /etc/passwd file and any pass word encrypted file 
>    read/write only by root.

  This defeats the purpose of /etc/passwd, and I believe pwd_mkdb will
change it back to 0644  You might as well delete /etc/passwd altogether
if you want to do this.

> 4. Make sure users do not have su to root capabilities
>
>I hope this helps.  I will welcome comments, suggestions and any other
>security issues other users have found.
>
>Thanks,
>Angel G. Ortiz
>305-973-5022
>
>