->>Bill Burge wrote:
->>As for limited access by not having full internet functionality, I suppose
->>it would be safer by not being able to offer many of the standard services.
->>On that note... I'm switching my Sun SPARC firewall for a Casio BOSS! ;-)
->A Casio Boss, great! Not very much to the point, but good rhetoric.
->If you have a CASIO or printer that provides you with
->SMTP, FTP and telnet go right ahead and use it.
That my original assertion for the picture you painted of CTOS.
->>If SMTP, FTP and telnet are only provided as client side processes I
->>don't see how X windows will provide a way for others to contact you...
->I don't want others to contact me, I want to contact others.
->The less "Others" able to get through to my net, the less problem I have.
->It isn't a solution for everyone. But provides a great firewall for those
->that need limited access "out" to the internet. In a practical sense, the
->firewall is just that.
You implied that these features were either missing of lacking. Not
that they just weren't implemented on _your_ system. Without these features,
the system is not very interesting as a firewall. I could match that
level of "security" with a DOS box.
->>but this is hardly a replacement for SMTP, FTP and telnet daemons.
->Call it a daemon or a service, tomato or tamato, CTOS is a micro kernal
->multi-tasking Multi-user environment. The SMTP service (daemon) does allow
->outsiders to send me mail (obviously I am a part of this list), and FTP has
->limited access into my system. However, no one can telnet into CTOS, without
->my explicitly setting up a temporary opening.
->The original message talked about system admins using root all the time and
->what a bad idea that was. I agreed and offered my experience with "CTOS" as
->an example. No need to FLAME!
You should get out more :-) This list is tame compared to a couple of others
->Your pertinent question was:
->>So how is hacking for the "volume" password any different than hacking for
->>the "root"? Sounds like the same ol' problem.
->Maybe it isn't different - semantically. However, as has been pointed out
->many times on this list - one of the problems with Unix services is that they
->try to be mini operating systems. Why does SMTP need all those blasted
->calls? Once you break into SMTP or other _robust_ daemons - which have root
->access - you have privledged access with all the calls associated with those
->services. Unix services provide more ways to take advantage of ring 0. No
->need to be a master proccessor manipulator. If a hacker breaks the CTOS
->system service there are fewer _calls_ available.
That was the other point I was trying to make. Your message was sounding
like there wasn't the concept of a root account to abused. My statement
was that there is.
We both agree that signing as root is a bad thing and use of the root concept,
in any form, should be as limited as possible.
->Signing on as root imediately gives the admin damaging access. I think we
->all agree it is not a good idea to sign on as root for all your work. In
->CTOS the admin does not sign in and immediatley have that access, nor does
->s/he need that access to do 99% of the work. When that kind of access is
->needed there is a volume password which can be used. GOOD Admins protect
->that password with encryption and keep knowledge of it to two people.
->SO, you can hack for holes in the system services (unix) or try to break a
->twelve character encrypted password (ctos). If I were a hacker, I'd go for
While services will always be the main avenue of attack from the outside world,
account access will probably be the main avenue from the inside.
->Rodger Rossman |
->Unisys Network Administrator | R.ROSSMAN/ARSC @
Bill burge @
Quarterdeck Office Systems
Head System Abuser