[Pipet Devel] new server up

J.W. Bizzaro bizzaro at bc.edu
Thu Mar 18 20:22:43 EST 1999


Carlos Maltzahn wrote:
> 
> Our passwords are going through the Internet in plain text. It's extremely
> easy to snoop them and then login. Red Hat's user friendly admin tools
> have the tendency to permit users to acquire root access among other
> things. RH's distributions are so unsecure that our department
> doesn't allow us to connect RH computers to the network inside the
> firewall.

Even _inside_ of a firewall?

I know of one case where password snooping led to a security breach on a Solaris
system.  They used one-time passwords after that...pain.

> I would recommend to put onsager behind a firewall and allow us to login
> through the firewall using ssh or at least one-time passwords.

UMass Lowell just doesn't seem so concerned about firewalls.

Actually, I just set up a Web server at Boston College using Red Hat.  But BC
has this firewall set up for every system on the network that prevents every
attempt to make a connection from the outside, which naturally blocks the Web
server.  I asked to have the firewall removed, and as nutty as they are about
security, BC said all I have to do is disable finger and update sendmail.

And the system administrator is a real Linux guru.  He seemed to have little
concern about using Red Hat.

> > > Jeff, are you planning to give us some tulip-related web space on onsager?
> >
> > Anything you want.  What did you have in mind?
> 
> I will start working at a company two months from now and eventually lose
> my CU account. At that point I'd like to have a neutral place for Paos. I
> was thinking about putting it on onsager -- but it needs to be more secure
> than it is now. I hate to discover one day that the Paos distribution
> contains a Trojan horse or something else ugly.

I would be honored to host PAOS.  We'll get this security problem settled.

> More generally, I think onsager is not a save repository for Tulip
> development right now.

Where do you think the biggest threat comes from, other developers or the
occasional cracker?


Jeff
-- 
J.W. Bizzaro                  Phone: 617-552-3905
Boston College                mailto:bizzaro at bc.edu
Department of Chemistry       http://www.uml.edu/Dept/Chem/Bizzaro/
--



More information about the Pipet-Devel mailing list