Board index Solaris

Securing a dialup line on SPARC20 under Solaris 2.4

Securing a dialup line on SPARC20 under Solaris 2.4

Post by Bradley M. Ku » Tue, 31 Dec 1996 04:00:00



I would like to have a dialup modem attached to one of my SPARC20's, however,
I want it to be secure as possible.

One thing  that I used to do on my old AT&T System 5 R3.2.3  was use dialup
passwords, which Solaris doesn't seem to support.  Is it undocumented under
Solaris, or just non-existent.

I have /var/adm/loginlog created, so repeated failed logins will be placed
there, but that was the only login security I could find.....

I plan to get SKEY working to save us from password snooping, but IMHO, that
one is a little esoteric....I would like to set up things I can trust.

Is there any free software that does dial-backs?  Or perhaps a good login
replacement I should look at?

Any help would be appreciated.
--




 
 
 
Top

Securing a dialup line on SPARC20 under Solaris 2.4

Post by Phil Hutchins » Tue, 31 Dec 1996 04:00:00



>I would like to have a dialup modem attached to one of my SPARC20's, however,
>I want it to be secure as possible.

>One thing  that I used to do on my old AT&T System 5 R3.2.3  was use dialup
>passwords, which Solaris doesn't seem to support.  Is it undocumented under
>Solaris, or just non-existent.

>I have /var/adm/loginlog created, so repeated failed logins will be placed
>there, but that was the only login security I could find.....

>I plan to get SKEY working to save us from password snooping, but IMHO, that
>one is a little esoteric....I would like to set up things I can trust.

>Is there any free software that does dial-backs?  Or perhaps a good login
>replacement I should look at?

>Any help would be appreciated.
>--


Brad,

Motorola builds a really nice modem that can enforce security in one of
three flavors.    1) password  2) password with dialback  3) password with
dialback and confirming password.

Phil

=================================================================
Philip L. Hutchinson,  President     phone:  970-686-1211
ASP Technologies, Inc.                       800-516-0841
1200 Carousel Drive, Suite #103      fax:    970-686-7075
Windsor, Colorado   80550   USA

=================================================================

 
 
 
Top

Securing a dialup line on SPARC20 under Solaris 2.4

Post by Bradley M. Ku » Wed, 01 Jan 1997 04:00:00




>Motorola builds a really nice modem that can enforce security in one of
>three flavors.    1) password  2) password with dialback  3) password with
>dialback and confirming password.

I figured there were hardware solutions in modems out there, but I should have
mentioned that I can't buy any hardware to do this.  I have to use a few old
Cardinal 19200 modems.  I know, I know, 'the time I will spend looking for a
software solution, we could have just bought a modem' but unfortunately, my
management didn't ask me to make the dialup super-secure, I am just doing it
to be proactive and make sure I don't get in trouble later for not having
secure enough modems.  ;-)

But, if I am at a loss to find good software to add on, I might try to go the
hardware route.
--




 
 
 
Top

Securing a dialup line on SPARC20 under Solaris 2.4

Post by The Dream » Wed, 01 Jan 1997 04:00:00



> I would like to have a dialup modem attached to one of my SPARC20's, however,
> I want it to be secure as possible.

> One thing  that I used to do on my old AT&T System 5 R3.2.3  was use dialup
> passwords, which Solaris doesn't seem to support.  Is it undocumented under
> Solaris, or just non-existent.

FWIW, Solaris does do dialup passwords.  I forget where I came across the
information on setting it up....I think it was in one of the answerbooks.

Personally I don't like the way its done.....namely that it only prompts for
the dialup password if you get the login password right.

It should prompt for the dialup password unconditionally....and fail without
letting the user know if the login name is valid, the login password is valid
or the dialup password is valid.

--
 "Just a Crazy Engineer with an Amiga and a Newton MP130" - The Dreamer


 URL: http://www.agt.net/public/dreamer                 CIS: 74200,2431

 
 
 
Top

Securing a dialup line on SPARC20 under Solaris 2.4

Post by Kevin Higgin » Fri, 03 Jan 1997 04:00:00



>> I would like to have a dialup modem attached to one of my SPARC20's,
>> however, I want it to be secure as possible.
>> One thing  that I used to do on my old AT&T System 5 R3.2.3  was use
>> dialup passwords, which Solaris doesn't seem to support.  Is it
>> undocumented under Solaris, or just non-existent.

It is documented, AND very easy to implement; it's been awhile since
I did it, but I think it merely requires the addition of two small
text files to the /etc/ directory. (/etc/dialups/ and another whose
name escapes me).

I see some options for the security issue, though. The way we've
approached it (we will be running a very large WAN using point to
multipoint PPP between LANs).
1) Use AT&T's "cloud." This gives some security, in that it controls
who can dial into a number from a long distance carrier. It does not,
however, keep local calls out.
2) Implement dial-up passwords. It's so easy, there's NO reason not
to, and it does give an additional modicum of security.
3) Implement PPP and use PAP _and_ CHAP security. That will likely
be your strongest protection against dial-in instrusion (aside from
safeguarding your passwords! <g>).

Quote:> FWIW, Solaris does do dialup passwords.  I forget where I came
> across the information on setting it up....I think it was in one of
> the answerbooks. Personally I don't like the way its done.....namely
> that it only prompts for the dialup password if you get the login
> password right.

Yep, I agree with you on that "giveaway."  
--

    [ For how can a man die better, than facing fearful odds ]
 [ For the ashes of his fathers, and the vengeance of his gods? ]
 
 
 
Top

1. Kernel panic:Solaris 2.4:Sparc20

I am getting kernel panics left and right. This is a Sparc20 running
Solaris 2.4. This machine has had no problems in almost 10 months
of uptime.

Jun 28 07:22:42 warrior unix: panic: segmap_hashout
Jun 28 07:22:42 warrior unix: syncing file systems... [17] 61 [17] 61 [17] 61 [1
7] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [1
7] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 [17] 61 done
Jun 28 07:22:42 warrior unix:  3717 static and sysmap kernel pages
Jun 28 07:22:42 warrior unix:   111 dynamic kernel data pages
Jun 28 07:22:42 warrior unix:   152 kernel-pageable pages
Jun 28 07:22:42 warrior unix:     1 segkmap kernel pages
Jun 28 07:22:42 warrior unix:     0 segvn kernel pages
Jun 28 07:22:42 warrior unix:   529 current user process pages
Jun 28 07:22:42 warrior unix:  4510 total pages (4510 chunks)
Jun 28 07:22:42 warrior unix: dumping to vp fc151e1c, offset 227521
Jun 28 07:22:43 warrior unix: Copyright (c) 1983-1994, Sun Microsystems, Inc.
Jun 28 07:22:43 warrior unix: vac: enabled in copyback mode

Any help?
--

Shift to the right!                  www   : http://www.winternet.com/~tanner
Push down, pop up                    phone : (612)943-8700
BYTE! BYTE! BYTE!                    motto : I program, therefore I am.

2. Installing linux with Window 95

3. read/write DOS diskkettes from Solaris 2.4 on a Sparc20

4. Wabi COM: port to a process?

5. Request: Tcsh binary for Solaris 2.4 on Sparc20

6. Aaaagh! Can't format HD!

7. Speedup Solaris 2.4 on a Sparc20?

8. ddi_create_minor_node in Solaris 9

9. Upgrading to Solaris 2.4 on SPARC20

10. Solaris 2.4 on SPARC20 - Initial Config questions?

11. Win95 dialup to Solaris 2.4 PPP

12. Solaris 2.4 PPP <----> Win95 Dialup PPP Anybody?

13. Secure NFS & Solaris 2.4


All times are UTC
Board index