Re: Limiting Users Allowed Dial-up Access
From: Nico Kadel-Garcia (nkadel@bellatlantic.net) Date: 05/27/02
From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net> Date: Mon, 27 May 2002 12:30:55 GMT
"Ron Heiby" <heiby_u@falkor.chi.il.us> wrote in message
news:d2n3fu41gquo0mqu06u78ll3jmi03ng23r@4ax.com...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> How do I prevent the normal users, who have basically the run of the
> machine, from being able to log in on the modem line?
*AAAHHH*. I see. To prevent outgoing calls, do not put them in the "uucp"
group and set the modem permissions to not allow read-write by others. To
prevent incoming, similarly, do not set up dial-up accounts for them or allow
them to execute the "pppd" program.
Setting up dial-up accounts securely is a different issue.
> (I ask this because I need to have a modem on the system for some
> special-purpose user ids. These special purpose ids *do* live in a
> restricted environment. I am not worried about them. I am confident that I
> can sufficiently restrict their environment to render them harmless to
> overall system security. However, I do not want to risk someone cracking
> the password on one of my normal users and logging in over the phone using
> that modem line I need for the special-purpose users. I am confident that
> the system is protected enough from potential Internet threats. My normal
> users can sign onto the machine over the Internet using SSH and PK
> encryption. I just need to be sure that someone *posing* as one of my
> normal users cannot log in over the modem.)
Gotcha. Hmm. Can you set up a "Radius" server, which has a challenge system
distinct from normal user passwords? Or configure the modem system to be a
dial-back system to call back the users at a pre-specified number instead of
allowing random logins? And are you trying to defend against casual users
being careless, or real weasels who think they know better than you?
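
An added example, not part of the original message: a small audit of the controls named in the reply above (modem device not readable or writable by others, a limited "uucp" group, "pppd" not executable by others). The device path /dev/ttyS0 and the binary path /usr/sbin/pppd are assumptions; pass the real ones as arguments.

```shell
#!/bin/sh
# Added example. /dev/ttyS0 and /usr/sbin/pppd are assumed default paths.

# Print the "other" permission triplet (e.g. "rw-") from ls -l output.
other_perms() {
    ls -ld -- "$1" | cut -c8-10
}

# True if accounts outside the owner and group can read or write the device.
device_open_to_others() {
    case "$(other_perms "$1")" in
        r*|?w*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if accounts outside the owner and group can execute the binary.
exec_open_to_others() {
    case "$(other_perms "$1")" in
        ??x|??t) return 0 ;;
        *) return 1 ;;
    esac
}

# List every account in a group: names in the group file's member field
# plus accounts whose primary GID in the passwd file is that group.
group_members() {
    grp=$1; gfile=${2:-/etc/group}; pfile=${3:-/etc/passwd}
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3 }' "$gfile")
    {
        awk -F: -v g="$grp" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$gfile"
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pfile"
        fi
    } | sort -u
}

audit() {
    dev=${1:-/dev/ttyS0}; pppd=${2:-/usr/sbin/pppd}
    if device_open_to_others "$dev"; then echo "WARN: $dev open to others"; fi
    if exec_open_to_others "$pppd"; then echo "WARN: $pppd executable by others"; fi
    echo "Accounts in uucp:"; group_members uucp
}

# Run the audit only when called with arguments, e.g.: sh audit.sh /dev/ttyS0
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

The group listing reads only the local group and passwd files, so accounts supplied by a network directory are not shown.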