Re: [foxboro] AW: Remote DM Using DHCP

  • From: "Corey R Clingo" <clingoc@xxxxxxxxxxxxx>
  • To: foxboro@xxxxxxxxxxxxx
  • Date: Mon, 21 Mar 2005 09:20:19 -0600

>>Hi Wally,
>>where are the security risks?


Hoo, boy, what an open-ended question.  I probably don't need to tell 
everyone this, but there are _always_ risks when the system is connected 
to a network.  Each system owner accepts a certain level of risk that is 
(hopefully) outweighed by the benefits of remote access.


Ideally, you use static IP addresses _and_ username/password 
authentication -- "defense in depth", as the security folks call it.  More 
ideally, you use strong crypto too (i.e., ssh), because the 
username/password for the standard Solaris remote login utilities 
(rlogin/rexec, telnet) is sent in the clear, and those utilities, at 
least on 2.5.1, contain known vulnerabilities for which published exploits 
exist.  And, of course, a firewall.  And assuming you are locked down 
tight on all that, then you have to wonder how many buffer overflows and 
format string vulnerabilities exist in Display Manager, Foxview, etc.  It 
never ends; there is always a trade-off between security and 
utility/usability.


Corey Clingo
BASF Corp.






"Weiss, Andreas" <Andreas.Weiss@xxxxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
03/19/2005 10:51 AM
Please respond to foxboro

              To:  foxboro 
              cc: 
         Subject:       [foxboro] AW: Remote DM Using DHCP






> if that helps.  That is what I had to use to get DHCP
> working. Ironically,
> I just switched back to static addresses for security reasons.

Hi Wally,

where are the security risks?

The user will be asked for a user name and password before he can get
access to a Solaris box. That is a good wall to prevent unauthorized
access in my eyes.

Andreas



 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 
