Re: Enabling telnet, ftp, pop3 for root...

matt_left_coast <not@xxxxxxxxxx> (06-04-06 03:44:23):

... and authenticating. Your fault, if you allow root login without
authentication.

Where did I say ANYTHING about not using authentication.

You're presenting it like direct root login would be a total security
hazard and allow everyone to get in trivially.


I have seen nothing from you that shows HOW they would get in!

I'm not saying that it's trivial. But in your configuration an attacker
has a place to start with at least. They know, what to do to get it.
In fact, only the time needed to do it, makes an attack not very
practical. Sure, you're not likely to use weak passwords, and your SSH
port is hidden (by knockd or whatever). But still, the attacker has a
point to start at.


In most cases, it's not that hard to guess valid usernames.

In combination with the valid password from OUTSIDE the system? You're
joking right?

We were talking about usernames. Again you present it to be impractical
to get to know valid usernames. That's not true. And you fully rely on
security by obscurity. Knowledgable people will agree that 'direct'
security is much better. With 'direct' security I mean the following.

My machine's hostname is [kill.mine.nu] and my SSHd is running on port
58369. I moved it from port 22 to overcome useless bruteforce attacks
by script-kiddies and worms, not to hide my SSHd. Try to break in. Do
you need more informations about my system? I'll provide them; just
ask. You will still fail to break in. You won't even get the
opportunity to bruteforce, because password authentication is disabled.
Are you going to steal my hard-disk? No bother, just do. It's
encrypted and I have backups. That's direct security.


Looking over one's shoulders,

That limits things to just a FEW possible people, easily stopped by
looking to see who can see over your shoulder.

A little camera installed somewhere, when you're absent, would do as
well. A camera would not help in my case, because even if you get to
the passphrase of my key, you don't get to the key itself, rendering the
passphrase useless.


capturing traffic,

The traffic is encrypted.

If it's encrypted in a switched ethernet network, then read about ARP
poisoning and 'man in the middle' attacks. Encryption is useless in
those networks, without signatures (implicitly provided by 'proper'
authentication).


intercepting dialogues,

The ssh account is only used for remote login. It is not used in
unencypted dialogs. It also is set up to make virtually impossible to
do anything other than su, so adding a keystroke monitor would not be
possible.

I'm not talking about network dialogues, but non-electronic
conversations. You certainly don't encrypt them, unless you have some
kind of microprocessor built into your brain.


asking Google, whatever.

Wouldn't be found in google. It is relatively simple to make a user ID
and password that are not based on things easily guessed or found.

Using the 'wrong' newsreader or browser may well be enough to offer that
information to the open world wide web.


And you didn't consider that many attackers are not totally unknown
persons.

Yes, I have. That is why I don't use my everyday user name or password
for an ssh login account. That is why the user ID an passwords are not
even based on WORDS much less based on anything in my life.

Again, that's security by obscurity. I'm telling you (nearly)
everything about my system configuration. You still won't get in.


If someone wants to get to your system, then he has a reason to do
so, i.e. he already has some informations about you.

That does not mean they can guess the user name and password I have
used for ssh logins.

Sure, but maybe he does. I prefer to assume the worst case, and thus be
prepared against it.


They must then figure out how to get to root.

Logging into root directly via proper authentication mechanisms and
disallowing normal users to become root appears more secure to me.

Good thing you don't work on any of MY systems. Logging into the USER
via "proper authentication" then requiring a SECOND authentication is
more secure. Two layers of "proper authentication" is better than ONE!

Still, the system is only as secure as the first authentication required
(assuming that it provides shell access). And you are repeating, what I
have said. You are talking about 'proper authentication'. First,
passwords don't count here, because there are some problems about them
(see above). Second, by using 'proper authentication', you just don't
have the need for an intermediate login. So why make things
unnecessarily more complicated?


As of yet, you have not shown how you would get my login and password,
much less get TO my system since I use various methods to prevent even
the ssh port from being seen by ANYONE.

I don't say that it's easy to get into your system. I say, that you
rely on security by obscurity, and that I think, this is bad. You have
to keep secrets secret to ensure system security. If someone asked you,
"what is your username?", you would answer: "I won't tell you that".
That's the difference. I don't have or need to have any secrets (except
my passphrases of course). Even intercepting my passphrases (however)
or stealing my hard-disk wouldn't give you access to my system. What a
deal! So what's better?


Unless they knew how to get to my SSH port, they would not even be
able to TRY my password.

By the way, _if_ you use something like knockd, then discovering the
secret to get to your SSH port is as easy as sniffing.


You are switching context here. I'm talking about network security,
but you're talking about bubblegums.

I am talking about TOTAL security, if that is "switching context" by
your standards, then you don't know security.

There is no TOTAL security. As long as anyone can get into a system
(including legitimate access), it can theoretically be compromised. The
trick is to require the knowledge of a secret, and making the discovery
of that secret impractical to attackers.
.

Relevant Pages

  • Solaris Security Summary
    ... Administering Security on the Solaris OE ... Configuration control, facility management, and system ... Authentication: The ability to prove who you are. ...
    (comp.unix.solaris)
  • Re: WebBrowser
    ... With a Windows Authentication or Permission on a folder ... With this type of security you may be able to access the ... If the login page is a Username / Password textbox with a Submit or Login ... send requests to a web server and get some type of response / data back. ...
    (microsoft.public.vb.controls)
  • Re: Enabling telnet, ftp, pop3 for root...
    ... Where did I say ANYTHING about not using authentication. ... You're presenting it like direct root login would be a total security ... DON'T have access to the port. ...
    (alt.os.linux)
  • Re: Spoofing an IP over the internet
    ... The secure authentication script will support many levels of security, ... in case a hacker cost me very much bandwith what is my ...
    (Security-Basics)
  • Re: passwords
    ... different security domain ... by a public key (that has been registered in lieu of a shared-secret ... both originate as well as validate an authentication ... ... public key can't be used to originate an authentication ... ...
    (alt.computer.security)