[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NFS, Telnet, and security issues

To: att!ai.sri.com!slug@Warbucks.AI.SRI.COM
Subject: NFS, Telnet, and security issues
From: lgm@iexist.att.com
Date: Wed, 13 Jun 1990 19:04:00 -0400
Original-from: Larry Mayka <iexist!lgm>

With our site's pending conversion to Genera 8.0, the security issue has
reared its ugly head again, and it looks like we have to really *do*
something about it this time.  Our Symbolicses are on the same Ethernet
network as Suns, and we currently support FTP and Telnet in both
directions.  As you might expect, requests in the Symbolics=>Sun
direction receive a fair amount of use, the other direction almost none.
(After all, we don't "fit in.")  With 8.0, we are now also considering
NFS.  Security concerns focus primarily on protecting the Suns and their
filesystems, though people feel that even the Symbolicses should not
leave themselves "wide open."  Several sub-issues present themselves:

FTP:
  	From Sun to Symbolics: Adding ACLs and passwords to the
Symbolics filesystem should be sufficient, no?  Will this force
Symbolics FTP to request a password in order to begin an FTP session, or
only later when the client makes her/his first file request?

	From Symbolics to Sun: Sun's password requirement for FTP
sessions is probably sufficient, as long as the Symbolicses (which,
after all, hold such passwords in virtual memory) are not *too*
insecure.

Telnet:
  	From Sun to Symbolics: We really need to force a password at the
beginning of *any* Telnet session, not just on the first file access.
Is there any simple way to do this?  Or perhaps we should just disable
Telnet-serving on the Symbolicses entirely.  (Between themselves, the
Symbolicses use 3600-LOGIN anyway, right?)  Is there any simple way to
reliably disable Telnet-serving on the Symbolics, or do we need to
modify the source code?

	From Symbolics to Sun: The Sun's password requirement is
presumably sufficient.

NFS:
  	From Sun to Symbolics: I guess we'll just have to declare the
Suns to be "trusted hosts," won't we?

	From Symbolics to Sun: This is probably the touchiest problem of
all.  I don't know if we can convince the Sun administrators to consider
our Symbolicses "trusted" except through unreasonable precautions (e.g.,
a locked door for every room containing a Symbolics).  We might manage
to make our file server sufficiently secure, but...What good would that
really do?  Is there a way to transparently funnel NFS file requests
through the server?  For example, can we mount the Sun's filesystem onto
our file server's LMFS?

Any comments on all this?  Is there anything else I'm missing?


	Lawrence G. Mayka
	AT&T Bell Laboratories
	lgm@iexist.att.com

Standard disclaimer.

Prev by Date: Possible BUG in MacIvory interface to Mac OS
Next by Date: Re: Unsubscribe
Previous by thread: Possible BUG in MacIvory interface to Mac OS
Next by thread: Errors to window, not background stream
Index(es):
- Date
- Thread