[nSLUG] Security on dialup

Vlado Keselj vlado at cs.dal.ca
Wed Feb 26 10:03:09 AST 2014


My 2 cents (might not be very helpful -- sorry):

1. My simple rule: Simply forget about rsh, rlogin, and similar.  Telnet 
may be useful for debugging servers and similar, if you know what you are 
doing.  Always use ssh. (And live relatively worry-free. :-)

2. For synchronizing time, I would try to use the standard NTP protocol.
With an Internet connection, you can use a daily cron job with the following 
commands:

/usr/sbin/ntpdate time.nrc.ca
/usr/sbin/hwclock --systohc

(Assumes the ntpdate package is installed.)

This gets nearly perfect time and sets the hardware clock accordingly.  
BIOS clocks are quite inaccurate in my experience: some will drift even
11 seconds a day, so running this daily is a good idea.

Without an Internet connection, this would require running an NTP server on 
your main machine.

3. Going back to the original question: rsh is probably not allowing 
logging in as root, which is a good idea.  While you need to be root on 
"grody", you do not have to be root on "nudel", so why not use a user 
account, something like:

grody-root% date -s "`rsh -l user1 nudel date`"

Regards,
Vlado

On Wed, 26 Feb 2014, Ben Armstrong wrote:

> On 02/26/2014 02:56 AM, Mike Spencer wrote:
> > If I had an always-on high speed internet connection, there are
> > several things I'd have to change, I guess.  As it is, one box is
> > episodically on the net by dial-up.
> 
> It's a game of percentages, isn't it? Always-on high speed internet
> means more time for the attacker to attack you, but how long, exactly,
> do you think it takes for an attack to succeed? I think an admin on a
> system connected via dialup should be every bit as careful about
> security as one on high speed Internet.
> 
> Ben
> 