At 08:26 PM 1/14/96 GMT, Avishai Avivi wrote:
>Guys,
>With-all-due-respect I think we should drop the discussion on all of the
>various security levels there are out there... I truly believe (from
>personal experience) that the less you discuss these things, the better off
>you all are... Besides I think the networking world has enough acronyms to
>keep us guessing at. :-o
Agreed.
>Does anyone know of any good guidelines on how to build proxies, or where
>one might be able to get his hands on a skeleton proxy, that is custimizable
>enough?
Umm have you looked in the TIS sources?
>Also I have a problem some of you mentioned... While I'm the "cop" at my
>organization as far as security is concerned (also known as "The anal
>retentive networking dude") I do have superiors who do not understand what
>is wrong in allowing rsh and such between segments (We are really paranoid).
> So I took a source for rsh, and modified it a bit to include some security
>oriented features (such as checking the username against a list of autorized
>commands). But I think I'm probably trying to re-invent the wheel. Does
>any of know of a source of secured services?
I'm not sure if it's exactly what you're looking for, but in a previous life
I used a tool called sudo, as in su do, which restricted which things a
paticular user could do, and logged it too. not sure if I remember
correctly, but it may have had an option to authenticate for each 'do'....
hope this helps.
--Dave
--------------------------------------------------------------------------------
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
David Schiffrin
dschiffrin @
ucsd .
edu
Follow-Ups:
|
|
