Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Dial-up danger
From: Ben <adept @ cep . yale . edu>
Date: Sat, 20 Apr 1996 20:23:51 -0400 (EDT)
To: "Danny L. Shadix" <shadixdl @ gccs . cpf . navy . mil>
Cc: "'firewalls @ GreatCircle . COM'" <firewalls @ GreatCircle . COM>
In-reply-to: <01BB2864 . F1EB7040 @ gccs125 . gccs . cpf . navy . mil>

On Fri, 12 Apr 1996, Danny L. Shadix wrote:

> Reading a recent posting brought up a question.  If you are keeping logs of 
> the dial-up activity so you'll see any attempts to guess passwords and if 
> you control the passwords that are allowed, what is the major risk of 
> having direct dial-ins?

What if someone actually SUCCEEDS in hacking the system on a weekend?
They can have up to 48 hours until someone notices, and by then,
unless you're spewing WORM or paper, they will have wiped the logs and
been gone with no one the wiser.

You should NEVER allow direct dial-ins to behind the firewall with simple
password security.  Only if you're using some sort of strong
authentication should you even consider it (some firewalls support things
like SecurID or S/Key).

Ben.
____
Ben Samman <samman @ cs . yale . edu>
"If what Proust says is true, namely that happiness is the absence of
passion, then I will never know happiness.  For I am inhabited
by the passion for knowledge, experience and creation."
							--Anais Nin




