I previously asked the list's view concerning keeping user account names from
being distributed freely (e.g. as part of mail address). I have received
several answers, most of them including the view that one should NOT
distribute any information about network structure, job specification or
other such stuff which might be generated from the GECOS field or implicitly
from the host name. I thank all who replied, and I naturally agree with
these views.
What some of you guessed, is that my question has more to do with policy than
with practical problems (well, the policy is becoming the problem :(...).
Please allow me to state my question in another way (again, sorry if this
borders on not being quite firewallish enough!?).
Assume my company (msp.se) is a large company. We are concerned about not
distributing unnecessary info, and thus have generic type mail addresses of
form: user@msp.se. Central mail hubs (parts of firewalls) enforce this and
even clean up the comment field a bit, resulting in From addresses of
format: user@msp.se (Firstname Lastname)
In order for this to work, all employees must have unique mail names. Assume
this is done by having a centrally administrated database of all such names,
and that each employee has a unique ID used as the mail name.
Also, on some systems, this ID is used also as the user account name (there
are several advantages to using a common ID for different purposes, such as
traceability of resource usage, convenient for users, real simple sendmail.cf
rewriting rules :), etc).
Assume now that some people feel uncomfortable with the fact that the ID is
both the mail name and user name in some systems, and that they want to
separate these two entities. They feel that they gain a security advantage
from doing this.
I am opposed to this notion. I feel that there is no REAL security gained by
doing this, and that it on the contrary can have negative impact on security
(lack of traceability, duplicate names, false sense of security).
I agree to the basic idea that we should not distribute any information which
could make it easier for the bad guys, but I also think that REAL security
cannot depend on obscurity in this case. If the mail name is the same as the
user account name, we need to make it very hard to mount an attack based on
that information (e.g. by disallowing any login attempts, always using strong
authentication, etc).
Am I missing something?
/// Martin F