Network security, part I

vger!preece at urbana.mcd.mot.com
Sat Dec 31 02:50:38 AEST 1988


  Cory Kenpf:
> >If being root on your workstation can spoof the authentication
> >mechanism, then it's pretty useless in the grand scheme of things.
> >Yes, rlogin is too trusting.
> 
> I submit that any scheme that only requires the user to log into the
> host machine can be subverted by root on that machine.  
----------
The question is whether the workstation is part of the trusted computing
base or not; that is, is the network, including that workstation, all
one system or not.  IF the administration of the workstation is as tough
as the administration of the net AND the workstation's operating system
is hard enough to protect against authentication attacks, then there's
no reason why the workstation shouldn't have trusted access to the
network.  There's no particular reason why your workstation should be
any easier for you to subvert than any other machine you work on.

If, on the other hand, the network is unwilling to accept your
workstation as part of the TCB, then a secure networking scheme would
have to place the authentication barrier between the workstation and
the network and you would be required to log in to the network
authentication system to get access to network facilities.  Because of
the danger of the untrusted node subverting communication between the
trusted user and the network, though, one would expect the network to
limit the capabilities available in this mode.

[Disclaimer: If I ever have occasion to speak as Motorola, I will say
so; this posting represents my own partially-baked knowledge and
opinions only]

-- 
scott preece
motorola urbana design center
uucp:	uunet!uiucuxc!mcdurb!preece
arpa:	preece at urbana.mcd.mot.com



More information about the Comp.unix.wizards mailing list