
Re: [K12OSN] LDAP vs NIS



On Mon, 14 Jul 2003, Les Bell wrote:

> 
> Having the server on an RFC1918 Private IP address is a good move, as it
> means that external attackers can't route datagrams to it. Of course, if
> someone compromised your firewall. . . As for filtering to allow only local
> addresses (via either iptables or tcpwrappers) the problem with that is
> that it's fairly easy to spoof source IP addresses for connectionless
> protocols like UDP (and RPC/nfs/nis on top of that). Of course, when I say
> "fairly easy", the attacker has to know how to do it, and how to then
> exploit a higher-level vulnerability. I can't see the typical
> elementary-school kid being able to do that, but on a university campus,
> I'd be thinking differently.
> 
> Given your comment above about the unsophistication of your users, I'd say
> the risk is acceptable. ;)
> 
I would disagree.  It only takes one with a tool kit to get mud on your
whole effort.  Say some nice porno dropped into the principal's
folder....

<paranoid on>
There is always someone on your network who is smarter than you think
they are and probably smarter than you are.  Age does not matter.
</paranoid off>


------------------------------------------------------------------------
Jim Wildman, CISSP, RHCE                                jim rossberry com
http://www.rossberry.com

> I still wouldn't use NIS, though. But that's just me. . .
> 
> Best,
> 
> --- Les Bell, RHCE, CISSP
> [http://www.lesbell.com.au]
> 
> 
> 



