*BSD News Article 63207



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!news.uoregon.edu!cs.uoregon.edu!reuter.cse.ogi.edu!news.ssd.intel.com!chnews!itnews.sc.intel.com!news.sprintlink.net!news.neca.com!chi-news.cic.net!nntp.coast.net!howland.reston.ans.net!gatech!newsfeed.internetmci.com!ns.hcsc.com!tawny!angelo
From: angelo@tawny.ssd.csd.harris.com (Angel Ortiz)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: IMPORTANT PPP SECURITY ISSUE
Date: 6 Mar 1996 15:27:25 GMT
Organization: Harris CSD, Ft. Lauderdale, FL
Lines: 36
Distribution: world
Message-ID: <4hkast$4u7@ns.hcsc.com>
NNTP-Posting-Host: tawny.ssd.hcsc.com

FreeBSD News Group:

I wanted to point out some security issues that you need to take into
consideration when connected to your ISP.

ISSUES:
When you are connected to your ISP and you are using Dynamic or Static 
IP addressing, your system is seen by the outside world.  For example, anyone
who can determine your IP address will have the capability of logging into 
your machine.  It will not matter what type of OS you are running.  As long as
you are connected to the Internet, your IP address is public and hackers can 
log in to your system.

COUNTER MEASURES:
To guard against hackers telnetting or ftping into your machine and 
compromising the security of your system, do the following:

 1. Make ABSOLUTELY certain that each user on your system has a password.
    The password should NOT be easy to guess and should consist of upper and
    lower case letters and numbers.

 2. The root password MUST meet the requirements in 1.

 3. Make your /etc/passwd file and any encrypted password file 
    read/write only by root.

 4. Make sure users do not have su to root capabilities.

I hope this helps.  I will welcome comments, suggestions and any other
security issues other users have found.

Thanks,
Angel G. Ortiz
305-973-5022
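
An audit of the four countermeasures above, as an added example that is not part of the original post: it reports accounts with no password, group or world access on the file holding the password hashes, and non-root accounts able to su to root. It assumes the FreeBSD master.passwd field layout and that su to root is limited to members of group wheel; the function name, the finding labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for countermeasures 1-4. Assumes the FreeBSD
# master.passwd layout (name:hash:uid:gid:class:change:expire:gecos:home:shell)
# and that su to root is limited to members of group "wheel".

audit_accounts() {   # usage: audit_accounts <passwd-db> <group-file>
    db=$1 grp=$2

    # Steps 1 and 2: an empty second field means no password at all.
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print "EMPTY_PASSWORD " $1 }' "$db"

    # Step 3: the file holding the hashes must grant nothing to group/other.
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$db" | cut -c5-10)
    [ "$go_bits" = "------" ] || echo "LOOSE_MODE $db"

    # Step 4: list every non-root account that may su to root, i.e. wheel
    # members from the group file plus accounts whose primary gid is wheel's.
    wheel_gid=$(awk -F: '$1 == "wheel" { print $3 }' "$grp")
    {
        awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$grp"
        awk -F: -v g="$wheel_gid" '!/^#/ && g != "" && $4 == g { print $1 }' "$db"
    } | sort -u | awk 'NF && $1 != "root" { print "CAN_SU " $1 }'
}

# Constructed sample data (not real accounts) so the script runs offline.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/acctaudit.XXXXXX")
cat > "$demo_dir/master.passwd" <<'EOF'
root:$2b$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
alice:$2b$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
bob:$2b$constructedhash:1003:0::0:0:Bob:/home/bob:/bin/sh
EOF
cat > "$demo_dir/group" <<'EOF'
wheel:*:0:root,alice
EOF
chmod 644 "$demo_dir/master.passwd"   # deliberately too open for the demo
audit_accounts "$demo_dir/master.passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a live FreeBSD system the arguments would be /etc/master.passwd and /etc/group, run as root so the hash file is readable.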