David_J_Buerger@cup.portal.com (12/08/87)
Aside from standard password schemes, directory rights, etc., what do some of your LAN managers do to keep security tight on your systems? Do old employees try to sneak in a mess things up? How good are users at logging off when they walk away from their desks? How do you deal with asynch dial up requests? Is it a Pandora's Box re the security issue? dbuerger@scu.bitnet
kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (12/15/87)
In article <1858@cup.portal.com> David_J_Buerger@cup.portal.com writes: > >Aside from standard password schemes, directory rights, etc., >what do some of your LAN managers do to keep security tight on >your systems? Do old employees try to sneak in a mess things up? >How good are users at logging off when they walk away from their >desks? How do you deal with asynch dial up requests? Is it a >Pandora's Box re the security issue? > The question as stated is a host security issue. I differentiate between "login" or "host" security and network security. I don't know whether David intended the distinction. As a network manager I assume the presence of good host security and will work together with any sa to fix those kind of problems. A typical example is a host without good hardware connect/disconnect signaling on our terminal network. A user-initiated forced disconnect can leave a session hanging. Beyond these kind of technical issues I do not worry about login security, or user file permissions or linked files. But, yes, network security is a Pandora's Box. There was a discussion [was it here on this group?] not long ago when I made the rash statement that network security was not yet an issue. Several people took pains to set me right, as you may recall. The best responses that I saw mentioned routers and bridges as a necessary first step toward good network management and security. David Wasley, among others, described how he had set up dual Ethernets with one secure (relatively) and the other untrusted. I myself am looking for a way to allow academic staff to use their academic workstations for administrative functions. This would require that both secure and untrusted sessions occur over the same ethernet. Someone from Athena said that they were going to release their validation protocol, Kerebos, to the public. This protocol, if released, will be the best thing since X windows out of Athena. It validates resource access, including login, with encrypted exchanges between workstation and validation server. I think they said that currently they did not encrypt sessions, but their current functionality protects passwords. I think that Kerebos, adopted as a standard, is the next best thing to session encryption and will satisfy security requirements for many for a while. Someone else ominously stated that they had a way (which they could not reveal) to thwart routers, but I do not know what kind of threat that is to router-based networks. Those kind of statements, including one person who said for $1.98 he had set up a Lan analyzer and sucked off all the e-mail traffic for an afternoon, worry me a little. (a lot :-) Ungermann-Bass recently announced at their user group meeting a DES hardware session encryption NIU with an access key, a literal key for a box on the NIU that enabled access. This sounds like the way to go for secure sessions with good interactive performance. Their box doesn't scramble all the headers, only the data or all but the Ethernet headers. I haven't analyzed the situation enough to know just how many headers you can leave in the clear but I imagine you could just encrypt data within IP, if necessary. It depends on whether you use bridges or routers. Perhaps other vendors are working on encrypted session hardware, too. I would like to see Kerebos for login security on all our host logins. I would also like to have the DES hardware for selected pieces of equipment. Perhaps someday Sun will install DES chips in their servers and workstations and we can encrypt all the sessions when we want to. Meanwhile, judicious use of bridges and routers and careful watching will have to do. -- ------------------------------------------------------------------- Kent W. England | Boston University Network & Systems Engineering Group | Information Technology kwe@bu-it.bu.edu internet | 111 Cummington Street itkwe@bostonu BITnet | Boston, MA 02215 harvard!bu-cs!kwe UUCP | (617) 353-2780 -------------------------------------------------------------------
wesommer@athena.mit.edu (William Sommerfeld) (12/15/87)
In article <17429@bu-cs.BU.EDU> kwe@bu-it.bu.edu (Kent England) writes: > Someone from Athena said that they were going to release their >validation protocol, Kerebos, to the public. This protocol, if >released, will be the best thing since X windows out of Athena. Nit 1: 'X Windows' is poor usage; the proper term for it is 'X' or 'The X Window system'. Nit 2: The authentication system is spelled "Kerberos" (the Greek spelling of Cerberus), after the three-headed dog guarding Hades in Greek mythology. Kerberos itself is only an authentication protocol; the authentication protocol provides a way for a client of a service to prove that it really is who it claims to be. This is done through the use of some simple cryptographic techniques; the end result of a successful exchange is that both client and service have their hands on a session key which they can use to encrypt further traffic. Most applications don't, but some (especially the service which provides a way for someone to change their Kerberos password) do encrypt their transactions, and are quite paranoid about what they find... Kerberos is not a replacement for session encryption; it is instead a way to distribute session keys (which, if you want to do session encryption, you have to find a way to do). Last I heard, the release of a beta-test version of Kerberos should come some time in February or March. Bill Sommerfeld wesommer@athena.mit.edu MIT Project Athena