From owner-freebsd-questions Thu Feb 22 1: 0:17 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id 3EAEE37B4EC for ; Thu, 22 Feb 2001 01:00:04 -0800 (PST) (envelope-from tedm@toybox.placo.com) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f1M8xB722326; Thu, 22 Feb 2001 00:59:15 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Doug Young" , "Macrolosa" Cc: Subject: RE: login-MODEM Date: Thu, 22 Feb 2001 00:59:10 -0800 Message-ID: <004701c09cad$b8c88c40$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 In-Reply-To: <00dd01c09c49$494b6f40$847e03cb@apana.org.au> Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Doug Young > Sent: Wednesday, February 21, 2001 1:00 PM > To: Macrolosa > Cc: freebsd-questions@FreeBSD.ORG > Subject: Re: login-MODEM > > > If you are asking "how do I do a shell login to my ISPs computer" the > answer is simple. > You DON'T. Few if any ISPs will allow that for security > reasons.The "shell" Well, we do so you need to change that to "Few" There's nothing to running a shell server as long as you take a few simple precautions. For starters it has to be on an isolated net behind a firewall, and secondly you need to make your users sign an agreement that they accept responsibility for securing their own files, and lastly you need to set it up so that the system disk is on a separate hard drive, and you need to image the system disk off to a backup server on the network, dd works real well for this. Your way overstating the security risks here. What risks?! There's nothing that a user can do on a shell server that they can't do already by setting up a UNIX system and dialing into us, except for screwing other users on that server, and if all the users understand that the shell server is basically the kids playroom and you need to protect yourself, and that files placed on it are not backed up, why then who cares what they do to the server? If one day I find that some kiddie has trashed it, so what, I can see when it happened, check the radius logs to see who was on it, very likely find out that way who did it, suspend their account, and in an hour I can reimage the system disk and we are back up and running. > you get with > a regular internet account is not a real shell in the sense of getting > access to system files, Rubbish - your making things way hard for yourself. UNIX already has excellent security for this - you just need to understand it. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message