RFC 2196                 Site Security Handbook            September 1997

mistyped by authorized users, they only vary by a single character from the actual password. Therefore if you can't keep such a log secure, don't log it at all.

If Calling Line Identification is available, take advantage of it by recording the calling number for each login attempt. Be sensitive to the privacy issues raised by Calling Line Identification. Also be aware that Calling Line Identification is not to be trusted (since intruders have been known to break into phone switches and forward phone numbers or make other changes); use the data for informational purposes only, not for authentication.

4.5.4.5 Choose Your Opening Banner Carefully

Many sites use a system default contained in a message of the day file for their opening banner. Unfortunately, this often includes the type of host hardware or operating system present on the host. This can provide valuable information to a would-be intruder. Instead, each site should create its own specific login banner, taking care to only include necessary information.

Display a short banner, but don't offer an "inviting" name (e.g., University of XYZ, Student Records System). Instead, give your site name, a short warning that sessions may be monitored, and a username/password prompt. Verify possible legal issues related to the text you put into the banner.

For high-security applications, consider using a "blind" password (i.e., give no response to an incoming call until the user has typed in a password). This effectively simulates a dead modem.

4.5.4.6 Dial-out Authentication

Dial-out users should also be authenticated, particularly since your site will have to pay their telephone charges. Never allow dial-out from an unauthenticated dial-in call, and consider whether you will allow it from an authenticated one. The goal here is to prevent callers using your modem pool as part of a chain of logins. This can be hard to detect, particularly if a hacker sets up a path through several hosts on your site. At a minimum, don't allow the same modems and phone lines to be used for both dial-in and dial-out. This can be implemented easily if you run separate dial-in and dial-out modem pools.

Fraser, Ed.                  Informational                     [Page 33]
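The banner advice in 4.5.4.5 is easy to audit on a Unix host. The script below is an added example, not part of RFC 2196: it scans a banner file such as /etc/issue, /etc/issue.net or /etc/motd for the agetty(8) escape sequences that expand into host details at login time (\s system name, \n node name, \r kernel release, \v kernel version, \m machine type, \o domain name) and for a list of OS and hardware words, then writes a minimal replacement banner of the shape the handbook recommends: site name, monitoring notice, nothing about the host. The site name "EXAMPLE-SITE" and the keyword list are assumptions for illustration; extend the list with the products in use at your site.

```shell
#!/bin/sh
# Added example (not from RFC 2196): audit a login banner for host
# information leakage and emit a minimal replacement banner.

# agetty(8) escapes that print host details: \s \n \r \v \m \o.
# \l (tty line), \d (date) and \t (time) are harmless and not flagged.
AGETTY_LEAK_ESCAPES='\\[snrvmoO]'

# Illustrative list of words that reveal OS, distribution or hardware.
LEAK_WORDS='Linux|Solaris|SunOS|FreeBSD|Ubuntu|Debian|Red Hat|CentOS|AIX|HP-UX|SPARC|x86_64|i386|kernel|release'

# banner_findings FILE
#   Print one line per suspicious token ("escape: \n", "word: Linux").
#   Prints nothing when the banner is clean.
banner_findings() {
    f="$1"
    grep -Eo "$AGETTY_LEAK_ESCAPES" "$f" 2>/dev/null | sed 's/^/escape: /'
    grep -Eoi "$LEAK_WORDS" "$f" 2>/dev/null | sed 's/^/word: /'
}

# banner_is_safe FILE
#   Exit status 0 if no disclosures were found, 1 otherwise.
banner_is_safe() {
    [ -z "$(banner_findings "$1")" ]
}

# safe_banner [SITE]
#   Write a banner that names the site and warns of monitoring, and
#   nothing else. SITE defaults to a placeholder; replace it with yours.
safe_banner() {
    site="${1:-EXAMPLE-SITE}"
    printf '%s\n' "$site" \
        "Authorized use only. Sessions may be monitored and recorded." \
        ""
}

# Usage: sh banner_audit.sh /etc/issue /etc/issue.net /etc/motd
# Each argument is audited; a clean file prints "OK", a leaky one lists
# the findings. Run with no arguments, the script only defines the
# functions above.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        if banner_is_safe "$f"; then
            printf '%s: OK\n' "$f"
        else
            printf '%s: discloses host details\n' "$f"
            banner_findings "$f" | sed 's/^/    /'
        fi
    done
fi
```

Passing the audit does not make a banner legally adequate; the monitoring notice still needs the review the handbook asks for in 4.5.4.5.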