hi ya...

for more secure rpc... secure portmapper etc.. ( bottom of link )
        http://www.linux-sec.net/Harden/services.gwif.html

for allowing users to log into any pc and get work done..
        - requires a home server that is gonna stay up most of the time
        -
        - you'd need to either pass the passwd/shadow files around
        ( my preference to pass files around ) or use nis ( not my preference )

if you are worried about security.... 
        - what are you paranoid about???
        - login authentication -- gazillion ways ...
        - disable dhcp and use all ip# defined by the "mask"
        - data loss ???? --  do backups
        - people breaking into your servers
         ( 80-90% most attacks are inside your lan )
        - server too vulnerable ???
          apply patches, implement a tighter security policy
        - [h/cr]ackers raising havoc with your servers
        ( fun/annoying stuff to try to defend )
        - wanna know when somebody broke into your boxes
                - implement ids's
        - wanna know who/how they got in...
                - implement a "good" forensics plan
        - wanna know why they got in..
                - probably for the fun of it

-- blah blah... fun stuff...
        http://www.Linux-Sec.net

c ya
alvin

On Sat, 6 Oct 2001, Miquel van Smoorenburg wrote:

> In article <[EMAIL PROTECTED]>,
> Greg Fischer  <[EMAIL PROTECTED]> wrote:
> >I'm administrating a network of Debian potato machines using NIS/NFS at
> >a small high school right now.  We're behind a pretty beefy firewall,
> >but I still know it's not very secure.  I couldn't get LDAP
> >authentication working and I only had 2 days to do the whole thing.
> >Probably at the end of the year, I am going to upgrade the lab to woody
> >(which will hopefully be stable) and reconsider
> >filesharing/authentication.  I'd like each user to be able to sit down
> >at any workstation and be able to access their files.  Any ideas?
> 
> Well, do you know the background behind this? Why do you think NIS
> and NFS are insecure? Because someone told you? Why do you think
> LDAP is more secure (without SSL, it's *way less* secure - plaintext
> passwords over the wire!).
> 
> I wouldn't worry too much about NIS and NFS abuse from the 'outside'-
> if you set up both properly that can only be accessed from within
> the local network anyway. So it's the local network you should be
> worried about.
> 
> Do random people have access to the ethernet and can they plug
> in their own machines? Do you use hubs or switches? Do users
> have root access on their 'own' workstation?
> 
> Once you can answer these questions, you can make an informed
> decision about what is and what isn't secure.
> 
> Mike.
> -- 
> Move sig.