Curing remote-access security ailments

By Hal Stern, Unix Insider |  Security

The Internet's ascension to media darling has
raised awareness of network security across the board. Unfortunately,
many people still think of the problem as one that exists at the
boundary between the "out there" Internet and their internal networks,
while in reality problems exist in any distributed computing
environment. If you trust your internal network and all of the players
on it, you may feel this month's topic is irrelevant. Before chasing
the next URL, though, peruse the list of potential internal crises
that follows. Should you change your mind about your exposure and
responsibility, continue reading as we talk about the secure shell
(ssh), a relatively new, freely available encryption tool that reduces
the risks of some of these problems. We'll wrap up by matching ssh
functionality against each of the attack mechanisms, highlighting what
ssh does and does not do to increase your comfort level.

Everybody seems to have their own security-oriented acronym starting
with S. To add to the fracas of STP, SSL, SHTTP, and SEPP, here's our
first SSQ (Security Sensitivity Quiz). Think about the three scenarios
below and their variations that can be played out on your network.


  • You notice some new accounts added to your password file, and two
    new mail aliases created on the mail hub. The users appear to be
    legitimate, and the aliases don't appear too inviting to the outside
    world even though they do forward mail to a processing script. But
    then you find out you have a request to add those same users to your
    work queue, and that somebody beat you to the punch. On closer
    inspection, you find a large hole in one of the alias-handling
    scripts. How'd you lose control of the NIS password file and alias
    maps? Think back to the time of the last changes you applied -- you
    did an rlogin to the NIS master, executed su, and typed the root
    password. Someone with a watchful network eye grabbed the root
    password in clear text right off
    of the Ethernet. A quick look at syslog shows you who became root at
    the time the changes were made, so you're quick to admonish the
    over-anxious user.

 
