Security from outside call-ins

Thomas Truscott trt at rti.UUCP
Wed Jul 20 08:53:51 AEST 1988


>   I'm not sure that this adds a lot of security. If these users want to
> be responsible users, they should have strong passwords of their own. Of
> course you can have the .profile check the login terminal and ask for a
> second password if the call is remote.

Call-in security is important because it stops random attacks by outsiders.
Such attacks are rare, but are painful as they are hard to trace.
Fortunately, call-in security is easy to provide.
VMS has a nice implementation.  UNIX should have one too.

Where I work all call-in modems are connected to a dataswitch
that prompts "Account:" and gives the user a single chance
to enter one of the correct passwords.
This is difficult and boring for all but the most determined cracker.
(Local connections to the dataswitch have a more pleasant interface.)

This type of security protects the entire system, not any particular user.
A good operating system cracker can break security
once they get logged in as anyone at all.

Our "dataswitch defense" gives me peace of mind.
But then we are on the Internet, so I am just fooling myself!
	Tom Truscott



More information about the Comp.unix.questions mailing list