Date:      Thu, 8 Nov 2001 10:23:56 -0500
From:      Kutulu <kutulu@kutulu.org>
To:        Anthony Atkielski <anthony@atkielski.com>
Cc:        Giorgos Keramidas <charon@labs.gr>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Re[2]: Tiny starter configuration for FreeBSD
Message-ID:  <20011108102356.B10218@pr0n.kutulu.org>
In-Reply-To: <002801c1682c$818807b0$0a00000a@atkielski.com>; from anthony@atkielski.com on Thu, Nov 08, 2001 at 09:08:08AM +0100
References:  <15330.6606.417524.41024@guru.mired.org> <002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com>

On Thu, Nov 08, 2001 at 09:08:08AM +0100, Anthony Atkielski wrote:
> Giorgos writes:
> 
> > I let people login as normal users on my workstation
> > from places like New Zealand, Australia or Canada ...
> 
> Via telnet or SSH?
> 
> Is there any danger in allowing telnet login of unprivileged users on a system,
> apart from the possibility of compromise of the user's own account?  That is,

There is a danger in letting *any* users log into a system.  There are typically
many more ways to exploit programs if you have a local account and can execute
commands, than if you were limited to what packets could get past the various 
levels of router/firewall/closed sockets that can drop remote traffic.

It's also unfortunately the case that, quite often, admins
tend to lag behind in fixing 'local exploit' problems because they tend not to
trigger things like IDS or firewall systems, and don't get as much 'peer press'
as remote exploits.

This doesn't mean not to allow anyone on your machine ever, but it is a good
argument against letting "everyone" on your machine, as in your anonymous
guest account.  And, of course, it means you will have to be that much more 
secure and vigilant with your system.


--K

