[2674] in SIPB_Linux_Development
access_on and encryption
daemon@ATHENA.MIT.EDU (Angie Kelic)
Sun Feb 21 10:42:34 1999
To: linux-dev@MIT.EDU
Date: Sun, 21 Feb 1999 10:42:14 EST
From: Angie Kelic <sly@MIT.EDU>
In the current configuration when a user types
access_on to access on their machine, it runs an
encrypted optional telnetd and ftpd out of /etc/athena/inetd.conf
I'd really like to see us change the flags to -a off -E to require
encryption. Since the majority of compromised accounts at
MIT come from unencrypted telnet connections to/from resnet
machines I would much rather have an environment where a user
really has to know what they're doing to turn off encrypted access
rather than having to know what they're doing to turn it on.
Yes, this would require them to get a srvtab as well and perhaps
the documentation should do a better job of explaining that rather
then just saying "for remote access type access_on". We have some
control over the software we are distributing and I think we should
take a proactive step toward making MITnet more secure rather
than giving users an easy out that is a security risk.
--Angie
******************************************************
The goal of engineering is to build better mousetraps.
The goal of nature is to build better mice.
******************************************************
