[Pipet Devel] new server up

Dave Beck dave at arginine.umdnj.edu
Thu Mar 18 13:55:17 EST 1999


Tim has the idea...  I don't quite agree with Carlos's assessment of 
Red Hat's security flaws, but I don't think that matters if /etc/hosts.*
files were set up properly and only SSH, port 80, and perhaps anonymous
FTP were allowed from "unknown" hosts.  As far as Paos being on a server
that could be cracked, granted Carlos knows best of the potential dangers
of Paos, but it would seem to me that ANY machine is potentially vulnerable
especially with man in the middle attacks possible.  If there is potential
for trojan horses being sent via Paos then Paos needs to deal with that
(by providing some kind of encryption / tamper proofing on its messages)
and not the server or operating system.  I don't think it is reasonable
to expect every locus server that might want to participate to ensure that
its local network and every network between source and destination be
secure and "tamper proof."  It's more realistic to put a seatbelt in every
car than it is to expect everyone to be a perfect driver.

Quoting Tim (jabbo at mindless.com):
> That reminds me, you should consider putting up a packet filter and only
> allowing connections on ports 80 and <whatever SSH uses; forgetting
> right now>.
> 
> Plaintext logins are a Bad Thing... SSH is a good thing.  And CVS can
> run inside of SSH (duh, but worth noting).
> 
> -- 
> 
>                 "A goal is a dream with a deadline."
> 
>                           -- Harvey Mackay

-- 
Dave Beck 
dave at arginine.umdnj.edu                 Sites of interest (set 1):
Computer Science and Biology            http://locus.umdnj.edu/nigms/
Drexel University, Philadelphia PA      http://www.bio.net/
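The /etc/hosts.* policy Dave describes (SSH and anonymous FTP open to "unknown" hosts, everything else only from the local network), as an added example that is not part of this thread: a small evaluator of TCP-wrappers hosts.allow / hosts.deny semantics, so a policy can be checked against sample client addresses before it goes on a server. The file contents, the 192.168.1.0/24 "local" network and the excluded host are constructed assumptions; port 80 is left out because httpd normally is not started through tcpd and must be handled by the packet filter instead.

```python
"""Evaluate a TCP-wrappers (tcpd) style hosts.allow / hosts.deny policy.

tcpd semantics: the first matching line in hosts.allow grants access; otherwise
the first matching line in hosts.deny refuses it; if neither matches, access is
allowed. Supported client patterns: ALL, an exact address, a prefix ending in
"." and "list EXCEPT list" (this is a subset of the real tcpd syntax).
"""
from typing import List, Tuple

# Constructed sample files (assumed, not taken from any real server).
HOSTS_ALLOW = """
# wrapped services reachable from anywhere
sshd, in.ftpd: ALL
# everything else only from the local network, minus one untrusted box
ALL: 192.168.1. EXCEPT 192.168.1.66
"""
HOSTS_DENY = """
ALL: ALL
"""

Rule = Tuple[List[str], str]   # (daemon list, client pattern)


def parse_rules(text: str) -> List[Rule]:
    """Turn a hosts.allow/hosts.deny file into (daemons, clients) rules."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")], clients.strip()))
    return rules


def client_matches(pattern: str, addr: str) -> bool:
    """Does the client address match a (possibly EXCEPT-qualified) pattern list?"""
    if " EXCEPT " in pattern:
        included, excluded = pattern.split(" EXCEPT ", 1)
        return client_matches(included, addr) and not client_matches(excluded, addr)
    for item in (p.strip() for p in pattern.split(",")):
        if item == "ALL" or addr == item or (item.endswith(".") and addr.startswith(item)):
            return True
    return False


def is_allowed(daemon: str, addr: str, allow: str = HOSTS_ALLOW, deny: str = HOSTS_DENY) -> bool:
    """Apply tcpd's allow-first, deny-second, default-allow decision order."""
    for daemons, clients in parse_rules(allow):
        if ("ALL" in daemons or daemon in daemons) and client_matches(clients, addr):
            return True
    for daemons, clients in parse_rules(deny):
        if ("ALL" in daemons or daemon in daemons) and client_matches(clients, addr):
            return False
    return True   # no rule matched at all: tcpd allows by default
```

Because the final fallback is "allow", a hosts.deny without the catch-all `ALL: ALL` line leaves every unlisted service open to every host; the sample above includes it for that reason.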
