Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: One Question about security
Special Forums Cybersecurity One Question about security Post 302074209 by System Shock on Sunday 21st of May 2006 06:39:39 PM
Old 05-21-2006
Quote:
Originally Posted by hegemaro
All quite true, System Shock, but there is one important point: the KCML client accesses the server application through Telnet. I am not personally familiar with the client but if it does not support SSH2/SSH3 encryption, installing SSH is of no value. If it does, then there is the herculean task of coordinating the protocol change with all of the users.

Therefore, securing the server must take precedence.

I agree that TCP Wrappers can limit the server's exposure. It stands to reason that restricting access to a series of address ranges is preferable to the entire Internet. Only shereenmotor can identify his requirements. Reviewing access logs can help with that.

Honestly, I have found that blind trust in SSH to solve "all" security vulnerabilities misplaced. It encrypts a data stream. It does not protect against easily guessed or missing passwords. Analysis, configuration, and process secure a system. Securing a system from unwanted access is, of course, important but of equal importance is minimizing the impact should (some would argue when) an intrusion occur. Also a system administrator must be constantly vigil to identify the intrusion through review of logs and placement of trip wires.

SSH is not a magic bullet, however it is most certainly in the arsenal.
What????

..yeah, that's what I said... go install SSH in your server but let everyone else telnet.. sure...

What I said in my first post, is that if you are using telnet, you can't secure the connection into your network. That was the original point.

I then suggested to at least try SSH. OBVIOUSLY BOTH SERVER AND CLIENT. What's this, amateur hour? And again, you can "harden" anything you want, but if you do not "harden" the most important part, i.e., the connection into your network, it doesn't matter what you do, because if you are using telnet - regardless what client software uses the protocol - anything that leaves the client's computer leaves it in ASCII. Even if you connect into a server then have to jump to another, whatever leaves the client's computer ot hits the first server's NIC can be easily seen with a snoop, so a snoop will see what you are typing to jump into the other server anyway.

There's no "blind faith" in SSH. Who's saying is a "magic bullet"? It is simply more faith in an encrypted data stream rather than an ASCII data stream. Yes people can guess passwd's, but sure as hell are not going to just guess the private key that matches the public key on the server. I did add that even the encrypted transmission can be decrypted, but it'll take much, much more than your average passwd cracking software to do so. There's more to implementing SSH than just installing it and using it, you know?

No matter how much you analyze and configure and "process" a system: Absolute Truth #1 of network security: if it's on the network, it can be hacked.
First thing that you protect is the connection into the network. Without it, anything else you do is pretty much a waste of time.

You may lock all of your valuables in your house, but if you leave your front door wide open...
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

PostFix security question

I have a Postfix mail server running on my eMac, and been looking at /var/log/mail.log. I am new to administrating a mail server. I notice some servers tried to relay messages to unkown recipients in my server, and my Postfix denied access. The "from" and "rcpt to" look very phony. I did a... (3 Replies)
Discussion started by: fundidor
3 Replies

2. UNIX for Dummies Questions & Answers

UNIX Security Question

Can other users delete / replace this file if the directory and file have the following permissions /test drwxrwxrwx /test/file _rw_r__r__ I guess what I really want to know is what the security riskis of having teh directory completely open when the access to a particular file is... (3 Replies)
Discussion started by: OBCCBIP
3 Replies

3. UNIX for Dummies Questions & Answers

security question

I just wanted to know when dealing with key loggers, What would be a normal routine for searching them out. I really don't know what I am looking for other than odd process. Also packet sniffers. What are signs? (0 Replies)
Discussion started by: blanks
0 Replies

4. UNIX for Dummies Questions & Answers

Question: Unix Security

question deleted, because answered (2 Replies)
Discussion started by: kasa
2 Replies

5. Solaris

Java / SunOS Security question

Hi, I have a question about the Java that comes with the Solaris 9/10 OS. All my boxes are servers, only ssh allowed, no x windows, hardened, firewaled, etc... Their purpose is Oracle DB's and Sun One Dir servers. None of which use the OS version of Java as far as know. Question IS, can... (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies

6. UNIX for Dummies Questions & Answers

Security Question

In an effort to adapt to best security practices, it has been suggested that a number of scripts that are going to be distributed to multiple machines across an internal network use be modified to replace instances of rsh and rcp with openSSH ssh and scp. Since there are so many references to rsh... (1 Reply)
Discussion started by: jasondj
1 Replies

7. Cybersecurity

Security question.

This may seems simple but I am unaware of this. Is there anyway to fetch the date & time of a user ID created on AIX? (actually I need answer for HP-UX,Solaris & Linux as well. But AIX is what I am most interested in.) I use ls command but it does not show the creation date. It just shows the... (2 Replies)
Discussion started by: raj100
2 Replies

8. Cybersecurity

Question on a security package on linux

Hello everyone , I want to implement a new firewall, detection system on my network composed of some 200 computers as follows: The fire wall would be a linux box with router, L7 iptable and also snort as IDPS system. These are my questions: 1. Is there any security consideration regarding... (0 Replies)
Discussion started by: ahmedkamel
0 Replies

9. Cybersecurity

Web hosting security question

Hi, Recently my has been hacked. A .pl script has been uploaded in the root of the directory, which uploaded lot of unwanted files and changed their file permission to 777. I have no clue how did they upload that .pl file in my hosting. Website is in shared hosting. Could they access my web... (3 Replies)
Discussion started by: agriz
3 Replies

10. AIX

AIX IP security question

Recently the network auditor found a security hole at port 50000. The port 50000 is used by db2. When I enter command "netstat -Aan |grep 50000", it showed some established connections and are all db2 processes. I have asked the application team and they answered that the port 50000 connection... (2 Replies)
Discussion started by: skeyeung
2 Replies

LEARN ABOUT SUNOS

asadmin-list-connector-security-maps

asadmin-list-connector-security-maps(1AS)			   User Commands			 asadmin-list-connector-security-maps(1AS)

NAME

       asadmin-list-connector-security-maps, list-connector-security-maps - lists the security maps for the named connector connection pool

SYNOPSIS

       list-connector-security-maps  --user  admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile
       filename] [--terse=false] [--echo=false] [--interactive=true]
	[--verbose=false] [--securitymap mapname] pool_name

       lists the security map belonging to the named connector connection pool.

       This command is supported in remote mode only.

OPTIONS

       --user		       authorized domain application server administrative username.

       --password	       password to administer the domain application server.

       --host		       machine name where the domain application server is running.

       --port		       port number of the domain application server listening for administration requests.

       --secure 	       if true, uses SSL/TLS to communicate with the domain application server.

       --passwordfile	       file containing the domain application server password.

       --terse		       indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
			       formatted data for consumption by a script. Default is false.

       --echo		       setting to true will echo the command line statement on the standard output. Default is false.

       --interactive	       if set to true (default), only the required password options are prompted.

       --verbose	       lists the identify, principals, and the security name.

       --securitymap	       name of the security map.

OPERANDS

       poolname 	       name of the pool.

       Example 1: Using list-connector-security-maps with security map option

       asadmin> list-connector-security-maps  --user admin --password adminadmin
       --securitymap mysecuremap securityPool1
       Command list-connector-security-maps executed successfully

       One security map (mysecuremap) is listed for the securityPool1 pool.

       Example 2: Using list-connector-security-maps

       asadmin> list-connector-security-maps --user admin --password adminadmin
       securityPool1
       Command list-connector-security-maps executed successfully

       All the security maps are listed for the securityPool1 pool.

EXIT STATUS

       0		       command executed successfully

       1		       error in executing the command

       asadmin-delete-connector-security-map(1AS), asadmin-create-connector-security-map(1), asadmin-update-connector-security-map(1AS)

J2EE 1.4 SDK							    March 2004				 asadmin-list-connector-security-maps(1AS)
All times are GMT -4. The time now is 01:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy