Message-ID: <3F16F132.9010007@telusplanet.net>
From: mckellar at telusplanet.net (Neil McKellar)
Subject: Odd Behavior - Windows Messenger Service

Schmehl, Paul L wrote:
> But, back to your original complaint, which was that remote services
> should not be available until you login to the console.....I'm willing
> to bet that *many* people who use *nix as a workstation, *even at home*,
> allow *at least* ssh sessions remotely.  And there are KaZaA lovers
> worldwide who are offering remote access to files, on numerous OSes,
> even when they're not at home and logged in.

I was wondering about this as well.  Even if you don't run a local FTP, 
HTTP, NFS, SMB, SSH, or other service on your local Linux workstation, 
you're guaranteed to be bringing up parts of the system to talk to the 
network during the boot process.  Chances are you're broadcasting for 
DHCP.  If you're a thin-client, you may be asking for tftp or bootp even 
before that.  If you're running a virus scanner, it may be starting in 
the background, downloading updates automatically from a central server 
and scanning files.  If you've got NIS, ADS, or Kerberos or something 
running, you may be hooking into local authentication systems.  These 
things are all true for Windows workstations and Mac workstations, too.

All these things require network connectivity, imply levels of trust 
with services inside the local network, and may be vulnerable to 
spoofing locally.  Even the order in which these things become available 
may result in greater or lesser exposure.

You don't want your workstations talking to the network or running local 
services with network connectivity before the user logs in?  Well, when 
is it renewing the DHCP lease?  How are you remotely pushing software 
updates or virus updates to those 1,000+ users?  How are you remotely 
administering the workstation at all?  How are you running backups over 
the network, if you need to do such things?

If you need complete lockdown on all these things, then this is no 
normal workstation and shouldn't be treated as such.  Don't be surprised 
if the default install isn't fulfilling your needs.
--
Neil (mckellar@...usplanet.net)

