Great Circle Associates Firewalls
(February 1995)
 


Subject: Re: Firewalls and anonymous ftp access
From: Brent @ GreatCircle . COM (Brent Chapman)
Date: Fri, 17 Feb 1995 17:36:55 -0500
To: burkema @ ampex . com (Martin J. Burke), Firewalls @ GreatCircle . COM

At 16:57 2/13/95, Martin J. Burke wrote:
>I recently attended Brent Chapman's Firewalls tutorial and found it very
>enlightening.

Thanks!

>He sort of touched the subject of Anonymous ftp service.
>The most important thing I got from his seminar is to have no user accounts
>on the bastion host.  How can I give specific inside users access to place
>files up on the ftp server without giving them an account?  How does the rest
>of the world out there run their anonymous ftp site?  What are the policies
>of anonymous ftp providers normally?  What should I worry about in terms of
>security?  Any help would be appreciated ( as long as someone can tell me
>where to go look if this is not the right place. )

"No accounts" is the goal, but sometimes it has to be modified somewhat in
order to fit the real world.  There are many different approaches.

The simplest is to create a limited number of accounts for maintenance (as
few as possible, but you don't want multiple people sharing the same
account, because that destroys your accountability of who did what),
educate the holders of those accounts about their responsibilities (good
passwords, no .rhosts files, etc...), and then hope for the best.  If you
can enforce some controls in software (for instance, using the TCP Wrapper
package to limit where people can log in from, or not running the
rsh/rexec/rlogin daemons so that it doesn't matter if folks create .rhosts
files, or using one of the various pro-active password checking or one-time
password programs to reduce your exposure to bad/sniffed passwords, or
...), so much the better.  This can work especially well if these "users"
are actually sysadmins or other technically knowledgeable folks who
understand the security implications of what they're doing, and agree with
the need for security, and will follow your guidelines.

Instead of maintaining their anonymous FTP hierarchy on the bastion host,
some sites maintain it on an internal system, and then simply copy it to
the bastion host as updates are made.  The copies might be automatic, on a
weekly, hourly, or daily basis, or they might be manual, if the data
doesn't change that often.  Some folks use "rdist" and similar methods to
"push" stuff to the bastion host (but I worry about the security
implications of that; rdist implies .rhosts files, trusting remote systems
by IP address, and all that; all of those are fertile ground for an
attacker).  Others use FTP mirroring programs to pull stuff to the bastion
host from an internal FTP server (where FTP has been secured as tightly as
on the bastion host, and packet filtering (or TCP Wrappers or other
mechanisms) restricts client connections to this machine so that they can
only come from the bastion host).  Some sites needing only infrequent
updates simply create a tape on an internal system and load it on the
bastion host.


-Brent

--
==  For info about the Internet Security Firewalls Tutorial and a schedule  ==
==  of upcoming dates, please send email to Tutorial-Info@GreatCircle.COM   ==
==============================================================================
==  Brent Chapman                                 Great Circle Associates   ==
==  Brent@GreatCircle.COM                         1057 West Dana Street     ==
==  +1 415 962 0841                               Mountain View, CA  94041  ==
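The "pull" arrangement Brent describes (bastion host fetches the anonymous-FTP tree from an internal server, instead of the internal side pushing with rdist and .rhosts trust), as an added example that is not part of the original post or of any tool it names. It runs on the bastion host as an anonymous FTP client, so the bastion stores no password or .rhosts entry; it assumes the internal server supports MLSD listings and that a single flat directory is mirrored, and the host name and directory paths are placeholders.

```python
import os
from ftplib import FTP

# Constructed placeholders: the internal FTP server and the tree it publishes.
INTERNAL_FTP_HOST = "ftp-internal.example.com"   # assumed name, not from the post
REMOTE_DIR = "/pub"
LOCAL_DIR = "/home/ftp/pub"                       # anonymous-FTP area on the bastion

def safe_name(name):
    """Accept only plain file names from the remote listing: no path
    separators and no '.'/'..', so a bad listing cannot steer writes
    outside LOCAL_DIR."""
    return name not in ("", ".", "..") and "/" not in name and "\\" not in name

def plan_sync(remote, local):
    """remote, local: dict of file name -> size in bytes.
    Returns (fetch, delete): refetch what is missing or differs in size,
    delete what the internal server no longer publishes. Unsafe remote
    names are dropped rather than fetched."""
    remote = {n: s for n, s in remote.items() if safe_name(n)}
    fetch = sorted(n for n, s in remote.items() if local.get(n) != s)
    delete = sorted(n for n in local if n not in remote)
    return fetch, delete

def remote_sizes(ftp, path):
    """Sizes of plain files in one remote directory (needs MLSD support)."""
    ftp.cwd(path)
    return {n: int(f["size"]) for n, f in ftp.mlsd() if f.get("type") == "file"}

def local_sizes(root):
    return {n: os.path.getsize(os.path.join(root, n))
            for n in os.listdir(root) if os.path.isfile(os.path.join(root, n))}

def mirror(host=INTERNAL_FTP_HOST, remote_dir=REMOTE_DIR, local_dir=LOCAL_DIR):
    """Run on the bastion host. Pulls as an anonymous client, so the bastion
    holds no password or .rhosts entry that would be worth stealing."""
    with FTP(host) as ftp:
        ftp.login()                     # anonymous login, no stored credential
        fetch, delete = plan_sync(remote_sizes(ftp, remote_dir), local_sizes(local_dir))
        for name in fetch:
            part = os.path.join(local_dir, name + ".part")
            with open(part, "wb") as fh:
                ftp.retrbinary("RETR " + name, fh.write)
            os.replace(part, os.path.join(local_dir, name))   # atomic swap-in
        for name in delete:
            os.remove(os.path.join(local_dir, name))
    return fetch, delete
```

Pair this with packet filtering or TCP Wrappers on the internal server so its ftpd accepts connections only from the bastion host, as the post suggests; the script itself only decides what to copy.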



