# >As we all know from system security experience, the simplest and
# >greatest reducer of risk is to implement strict control of passwords.
# >After that you prioritize based on likelihood of attack, potential for
# >damage etc. etc.
# I prefer to reduce this problem to a more generic statement
# of principle: "The greatest risk is your users." I solve that problem
# by throwing them all off my firewall completely. That way I have
# exactly 2 passwords I need to worry about, no worries about .rhosts
# or any nonsense like one of my users deciding to fire up IRC.
# Password control, password aging, scripts to remove .rhosts
# files every night, etc, etc. are all just means of attacking the
# symptom. Solve the problem.
I concur with this, having built several firewall systems for various
My basic approach is to use a filtering router (typically a Cisco or a
Telebit NetBlazer) to create a packet filtering "fence", then put one
host that I've secured as well as possible (and that includes not
creating any user accounts on it) "outside" the fence to be what the
whole world sees (the SMTP server, the NNTP server, the anonymous FTP
server, etc.). I arrange the packet filters such that folks on
internal machines can use TELNET, FTP, and other basic applications to
get out, but that nothing can get back in.
I don't believe in using custom proxy TELNET and FTP clients (like
Sun's "iftp" and "itelnet"), because these custom clients are only
available for a limited range of platforms (a lot of the internal
systems I deal with are Macs, for instance, and the proxy clients
aren't available for them).
Brent Chapman Great Circle Associates
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041