> Date: Tue, 24 May 94 08:04:53 -0700
> From: pauld@pyramid.com (Paul Daw)
>
...> we saw a second potential problem.
>
> Since these people are at customer sites, there is a real potential for
> local eavesdropping. While the one-time-password scheme protects the
> firewall from intrusion, it doesn't protect all of the internal
> machines that the user might log into once he is on the gateway, and
> those passwords will still be sent in the clear. The Internet gateway
> isn't the only way in, and there is a possibility that the passwords
> used on internal machines might also be used on modem servers and the
> like.
A firewall isn't a firewall if there are holes elsewhere. Protect
modem servers with one-time passwords (S/Key, SecurID, etc.). Protect
any perimeter accesses.
If my car's firewall (that barrier between the engine and me) had a
hole at the passenger seat, then it's not being a firewall. It's just
preventing access from that point. Same for your setup.
> It seems like the only safe way to do this is to actually give the
> remote user an encrypted telnet capability...
> 1) Am I *too* paranoid about all of this? Are we going too far?
You can never be too paranoid. Just don't act it or They'll notice ;).
It's not practical to give out a disk with a new version of telnet
for every platform that your people might be on. I've done field
work and logged in through PCs and Macs and Suns and VMS machines -
whatever the client had that was on the Internet. Often I wouldn't
have been allowed to put a binary onto their machine.
> 2) If not, what are the restrictions for running encrypted telnet
> in other countries? Should we be concerned about this?
You SHOULD be concerned about this. Phil Zimmermann (PGP) can tell you
about the government's lack of appreciation for exported encryption
tools. But mostly, it's not practical.
Nonetheless, onward through the fog...
Clear-text passwords are not viable in the networked world we live in, so
here's an idea: How about when you log in (with a one-time password or
sitting at the local machine), you get something that proves it's you -
let's call it, I know, a "ticket". Then when you access other machines,
telnetd or rlogind look for a ticket. If you have none, it asks for
passwords or rejects you. If an authenticated user is not allowed
on a particular machine, it rejects you.
This way there are no passwords used, even on the local net - you get
authenticated by the machine you come in through. When you come in
from outside (modem, Internet, any perimeter crossing way), you use a
one time password and get authenticated.
This is Kerberos. It can be very useful for this kind of problem.
Chuck
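The scheme Chuck sketches (one-time password at the perimeter, then a "ticket" that internal telnetd/rlogind check instead of a password) can be illustrated in a few dozen lines. The following is an added example, not code from the thread or from Kerberos or S/Key: the hash-chain one-time password mirrors the S/Key idea, and the HMAC-signed ticket stands in for a Kerberos ticket under the assumption that the gateway and the internal services share a secret key distributed out of band (a real Kerberos deployment uses a KDC and per-session keys instead). Names such as `OtpVerifier`, `issue_ticket`, `check_ticket`, the seed, the key and the host names are all constructed for the demo.

```python
"""Perimeter OTP plus signed tickets for internal hosts (constructed demo)."""
import base64
import hashlib
import hmac
import json
import time


# ---- One-time passwords at the perimeter (S/Key-style hash chain) ----

def hash_chain(seed: bytes, count: int) -> bytes:
    """Apply SHA-256 `count` times to `seed`: H^count(seed)."""
    value = seed
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value


class OtpVerifier:
    """Gateway side. Stores only the last accepted chain value H^k(seed).

    The client presents H^(k-1)(seed); the gateway hashes it once and compares.
    On success the stored value steps down the chain, so a password seen on
    the wire cannot be replayed for the next login.
    """

    def __init__(self, seed: bytes, chain_length: int):
        self.expected = hash_chain(seed, chain_length)

    def verify(self, candidate: bytes) -> bool:
        if hmac.compare_digest(hashlib.sha256(candidate).digest(), self.expected):
            self.expected = candidate
            return True
        return False


def otp_for_login(seed: bytes, chain_length: int, login_number: int) -> bytes:
    """Client side: the n-th login (1-based) presents H^(chain_length - n)(seed)."""
    return hash_chain(seed, chain_length - login_number)


# ---- Tickets for the internal machines ----

TICKET_LIFETIME_SECONDS = 8 * 3600  # constructed: one working day


def issue_ticket(user: str, allowed_hosts, key: bytes, now=None) -> str:
    """Gateway issues a ticket once the OTP login succeeded.

    The ticket names the principal, the hosts it may log into and an expiry,
    authenticated with an HMAC under the key shared with internal services.
    """
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "hosts": sorted(allowed_hosts),
                       "iat": now, "exp": now + TICKET_LIFETIME_SECONDS},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def check_ticket(ticket, this_host: str, key: bytes, now=None):
    """Internal service: accept only a valid, unexpired ticket naming this host.

    Returns (accepted, reason). No ticket means rejection, and an
    authenticated user not listed for this host is rejected too.
    """
    now = time.time() if now is None else now
    if not ticket:
        return False, "no ticket presented"
    try:
        body_b64, tag_b64 = ticket.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "malformed ticket"
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False, "bad signature"
    claims = json.loads(body)  # parsed only after the tag checked out
    if now >= claims["exp"]:
        return False, "ticket expired"
    if this_host not in claims["hosts"]:
        return False, f"{claims['user']} not allowed on {this_host}"
    return True, f"{claims['user']} accepted on {this_host}"


def demo():
    seed = b"constructed-seed-do-not-reuse"
    key = b"constructed-shared-key-32-bytes!"
    gateway = OtpVerifier(seed, chain_length=100)
    first = otp_for_login(seed, 100, 1)
    print("OTP login:", gateway.verify(first), "replay:", gateway.verify(first))
    ticket = issue_ticket("paul", {"fileserver", "devbox"}, key)
    for host in ("fileserver", "payroll"):
        print(host, check_ticket(ticket, host, key))
    print("no ticket", check_ticket(None, "fileserver", key))


if __name__ == "__main__":
    demo()
```

Two points the code makes concrete: the gateway never stores anything a sniffer could replay (only the next expected hash), and an internal service decides on signature, expiry and its own host name rather than on a reusable secret. What this sketch leaves out, and what Kerberos supplies, is mutual authentication and a per-session key, so a service can also prove itself to the user and the later traffic can be protected.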