Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.uoknor.edu!news.nodak.edu!netnews1.nwnet.net!news.u.washington.edu!uw-beaver!nntp.cs.ubc.ca!cs.ubc.ca!unixg.ubc.ca!orca.osg.gov.bc.ca!passer.osg.gov.bc.ca!cschuber
From: cschuber@passer.osg.gov.bc.ca (Cy Schubert - BCSC Open Systems Group)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IMPORTANT PPP SECURITY ISSUE
Date: 7 Mar 1996 20:09:20 GMT
Organization: BC Systems
Lines: 54
Distribution: world
Message-ID: <4hnfpg$2rh@orca.osg.gov.bc.ca>
References: <4hkast$4u7@ns.hcsc.com>
NNTP-Posting-Host: passer.osg.gov.bc.ca
X-Newsreader: TIN [version 1.2 PL2]
Angel Ortiz (angelo@tawny.ssd.csd.harris.com) wrote:
> FreeBSD News Group:
> I wanted to point out some Security issues that you need to take into
> consideration when connected to your ISP.
> ISSUES:
> When you are connected to your ISP and you are using Dynamic or Static
> IP addressing your system is seen to the outside world. For example, anyone
> who can determine your IP address will have the capability of logging into
> your machine. It will not matter what type of OS you are running. As long as
> you are connected to the Internet your IP address is Public and hackers can
> login into your system.
> COUNTER MEASURES:
> To guard against hackers telneting or ftping into your machine and
> compromising the security of you system do the following:
> 1. Make ABSOLUTELY certain that each user on your system has a pass word.
> The password should NOT be easy to guess and should consist of upper, lower
> case letters and numbers.
> 2. The root pass word MUST meet the requirements in 1.
> 3. Make your /etc/passwd file and any pass word encrypted file
> read/write only by root.
> 4. Make sure users do not have su to root capabilities
5. Make use of of TCP/Wrapper and kernel level IP Firewalling. I've used
a shell script, when I ran Linux and now under FreeBSD, that dynamically
builds IP filtering entries when I dial into work or my friend's ISP
business. My home computer has been able to withstand two hacking
attempts, as noticed in syslog, over the last four years because of
these measures.
> I hope this helps. I will welcome comments, suggestions and any other
> security issues other users have found.
> Thanks,
> Angel G. Ortiz
> 305-973-5022
>
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."