Great Circle Associates Firewalls
(July 1994)

Subject: Bad Advise from Vendor
From: Christopher Klaus <cklaus @ shadow . net>
Date: Sun, 24 Jul 94 16:46:25 EDT
To: firewalls @ greatcircle . com

If you have an anonymous ftp server that can be accessed behind your
firewall, you might want to take an interest in this.

Here is some advice from Sun that I highly recommend you DO NOT DO.

If you look at the MAN page for ftpd, you will see the following
advice:

     the following rules are recommended. 
     ~ftp)
          Make the home directory owned by ``ftp'' and unwritable
          by anyone. 

I highly recommend you change that to owned by ``root''.  If anyone can log
in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the
main directory and putting .rhosts or .forward there allowing instant
access. 

With advice like that, who needs trojans?

-- 
Christopher William Klaus  <cklaus @ shadow . net>  <iss @ shadow . net>
Internet Security Systems, Inc.         Computer Security Consulting
2209 Summit Place Drive,              Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.
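A defender's check for the misconfiguration described in the post above, added here as an example and not part of the original message: a POSIX shell function that audits an anonymous FTP home directory for the ownership the post recommends (root rather than ftp), for group/world write bits, and for the .rhosts and .forward files it warns about. The directory path and the expected owner are parameters (the default owner of root is the post's advice; the default path is an assumption).

```shell
#!/bin/sh
# Audit an anonymous-FTP home directory. Usage: audit_ftp_home DIR [OWNER]
# OWNER defaults to root. Returns 0 if every check passes, 1 if any fails,
# 2 if DIR is not a directory.
audit_ftp_home() {
    dir="$1"
    want_owner="${2:-root}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi
    # ls -ld prints: mode links owner group ...; this works on GNU and BSD ls.
    set -- $(ls -ld "$dir")
    mode="$1"
    owner="$3"

    # Ownership: the owner of a directory can always change its mode (for
    # example via SITE CHMOD), so mode bits alone do not protect a directory
    # owned by the ftp account itself.
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $dir is owned by $owner, expected $want_owner"
        rc=1
    fi

    # Write bits: a group- or world-writable home lets anyone drop files there.
    case "$mode" in
        ?????w*)    echo "FAIL: $dir is group-writable ($mode)"; rc=1 ;;
    esac
    case "$mode" in
        ????????w*) echo "FAIL: $dir is world-writable ($mode)"; rc=1 ;;
    esac

    # Files that would grant login or command execution if present in ~ftp.
    for f in .rhosts .forward; do
        if [ -e "$dir/$f" ]; then
            echo "FAIL: $dir/$f is present"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $dir passes"
    return "$rc"
}

# Run against the directory given on the command line (assumed default: /home/ftp).
if [ "$#" -gt 0 ]; then
    audit_ftp_home "$@"
fi
```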
