Re: access from monitoring host

From: Krzysztof Zaraska (kzaraska@student.uci.agh.edu.pl)
Date: 10/02/01


Date: Tue, 2 Oct 2001 23:03:23 +0200 (CEST)
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: Alexey Koptsevich <alex@astro.su.se>

On Tue, 2 Oct 2001, Alexey Koptsevich wrote:

>
> Hello,
>
> There is a discussion about ways of access from centralized monitoring
> host at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
>
> Except for its network traffic, NFS is the least visible method - allowing
> you to monitor the filesystems on each client box virtually undetected. If
> your limited-access server is connected to the client boxes through a
> switch, the NFS method is often the better choice. If your limited-access
> server is connected to the client boxes through a hub, or through several
> layers of routing, the NFS method may be too insecure (network-wise) and
> using ssh may be the better choice even with the audit-trail tracks that
> ssh lays.
>
> I do not understand why the access method should be different in cases when the
> monitoring host is behind the switch or connected through the hub?
If your network is connected with a switch then all traffic between hosts
A and B is not visible to any other host; if it is otherwise, all other
hosts on this Ethernet segment can see this traffic. So, if someone on
this segment has bad will, s/he can watch your NFS transfers or even insert
data into your session. The same applies if both hosts are on distant
networks and the traffic goes through multiple untrusted networks.

Generally, use of unencrypted connections over an untrusted environment for
administrative work and authorization is not acceptable.

Krzysztof

>
> Thanks,
> Alex
>
> PS Please cc: me your reply.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
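Added example (not part of the original thread, and not FreeBSD code): the reply above says that anyone on a shared segment can watch NFS transfers or insert data into the session. The reason is visible in the wire format. Classic NFS over ONC RPC carries its credentials as AUTH_SYS (also called AUTH_UNIX, RFC 5531): the client's stamp, hostname, uid, gid and group list are sent in cleartext XDR with no integrity check, and the server trusts them as-is. The script below builds a constructed NFSv3 GETATTR call with an AUTH_SYS credential (the xid, hostname "client1", uid 1001 and the 8-byte file handle are made-up sample values), decodes it the way a sniffer on a hub or an untrusted path would, and then rewrites the uid to 0 to show that nothing in the message binds the credential to its sender. No network traffic is involved; everything is constructed in memory.

```python
import struct

# ONC RPC / NFS constants (RFC 5531, RFC 1813)
RPC_CALL = 0
RPC_VERSION = 2
AUTH_NONE = 0
AUTH_SYS = 1            # a.k.a. AUTH_UNIX
NFS_PROGRAM = 100003
NFS_V3 = 3
NFSPROC3_GETATTR = 1


def _xdr_u32(v):
    return struct.pack(">I", v)


def _xdr_opaque(b):
    # XDR variable-length opaque: length, bytes, zero padding to a 4-byte boundary
    return _xdr_u32(len(b)) + b + b"\x00" * (-len(b) % 4)


def auth_sys_cred(stamp, machine, uid, gid, gids):
    """Encode an AUTH_SYS credential. Every field is plaintext; there is no MAC."""
    body = _xdr_u32(stamp) + _xdr_opaque(machine.encode()) + _xdr_u32(uid) + _xdr_u32(gid)
    body += _xdr_u32(len(gids)) + b"".join(_xdr_u32(g) for g in gids)
    return _xdr_u32(AUTH_SYS) + _xdr_opaque(body)


def rpc_call(xid, prog, vers, proc, cred, args=b""):
    """Encode an RPC CALL message with the given credential and an AUTH_NONE verifier."""
    verf = _xdr_u32(AUTH_NONE) + _xdr_u32(0)
    return (_xdr_u32(xid) + _xdr_u32(RPC_CALL) + _xdr_u32(RPC_VERSION)
            + _xdr_u32(prog) + _xdr_u32(vers) + _xdr_u32(proc) + cred + verf + args)


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def u32(self):
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def opaque(self):
        n = self.u32()
        b = self.data[self.pos:self.pos + n]
        self.pos += n + (-n % 4)
        return b


def parse_rpc_call(payload):
    """Decode what a passive sniffer sees in one RPC CALL: header, credential, args."""
    r = _Reader(payload)
    msg = {"xid": r.u32(), "msg_type": r.u32(), "rpcvers": r.u32(),
           "prog": r.u32(), "vers": r.u32(), "proc": r.u32()}
    msg["cred_flavor"] = r.u32()
    cred = r.opaque()
    if msg["cred_flavor"] == AUTH_SYS:
        c = _Reader(cred)
        msg["stamp"] = c.u32()
        msg["machine"] = c.opaque().decode()
        msg["uid"] = c.u32()
        msg["gid"] = c.u32()
        msg["gids"] = [c.u32() for _ in range(c.u32())]
    msg["verf_flavor"] = r.u32()
    r.opaque()                       # verifier body (empty for AUTH_NONE)
    msg["args"] = payload[r.pos:]    # procedure arguments, e.g. the NFS file handle
    return msg


def rewrite_uid(payload, new_uid):
    """Re-encode the same call with a different uid. It parses as a valid call because
    AUTH_SYS has no integrity protection; only an encrypted/authenticated channel stops this."""
    p = parse_rpc_call(payload)
    cred = auth_sys_cred(p["stamp"], p["machine"], new_uid, p["gid"], p["gids"])
    return rpc_call(p["xid"], p["prog"], p["vers"], p["proc"], cred, p["args"])


# Constructed sample: NFSv3 GETATTR on a made-up 8-byte file handle, sent as uid 1001.
SAMPLE_FH = _xdr_opaque(b"\x01\x02\x03\x04\x05\x06\x07\x08")
SAMPLE_CALL = rpc_call(0x1234, NFS_PROGRAM, NFS_V3, NFSPROC3_GETATTR,
                       auth_sys_cred(7, "client1", 1001, 100, [100, 20]), SAMPLE_FH)

if __name__ == "__main__":
    seen = parse_rpc_call(SAMPLE_CALL)
    print("sniffed:", {k: seen[k] for k in ("machine", "uid", "gid", "gids", "proc")})
    print("forged uid:", parse_rpc_call(rewrite_uid(SAMPLE_CALL, 0))["uid"])
```

The decoded dictionary is what any host on a hub segment, or any router on an untrusted path, can read from the NFS UDP payload, and the rewritten message is the kind of data that could be inserted into the session. The fix suggested in the reply (ssh, or in NFS terms RPCSEC_GSS with integrity/privacy) works because it puts the credential and the file data inside an authenticated, encrypted channel instead of trusting the network.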