Hi there

I am looking at the best methods or products that can be used to
restrict access to UNIX machines. Does anyone have any recommendations
that you might be able to supply me.

i.e. programs that create limited life passwords


etc

Stephen

[ Post a follow-up to this message ]

Stephen <stephen.day@eps-hq.com> wrote:
quote:

> Hi there

quote:

> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.

quote:

> i.e. programs that create limited life passwords


If you're looking for general information on Unix security, consider
picking up the latest edition of O'Reilly's "Practical Unix and
Internet Security" book. As for limited life passwords, there exist
built-in and/or third party tools for doing it under different OSes.
OPIE implements one-time passwords.  You can find it on google. There
might be similar commercial products but I haven't heard of any
myself. Also, many unix systems implement password aging, so you might
want to investigate whether your system's default password aging
support is good enough for your environment.


-akop

[ Post a follow-up to this message ]

Stephen <stephen.day@eps-hq.com> wrote:
quote:

> Hi there

quote:

> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.

quote:

> i.e. programs that create limited life passwords


Depends on which *nix you are using, most have password aging
build-in, you perhaps just need to enable it, check the docs
of your OS.

As a rule of thumb, shut down any unneeded services, use ssh/scp
instead of telnet/ftp and other insecure r* services.

Use tcpwrapper if applicable.

Keep your system updated with the latest vendor patches.

Get a book about unix security, O'Reilly books tend to be quite
good.

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

[ Post a follow-up to this message ]

Stephen <stephen.day@eps-hq.com> wrote:
quote:

> Hi there

quote:

> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.

quote:

> i.e. programs that create limited life passwords


If you're looking for general information on Unix security, consider
picking up the latest edition of O'Reilly's "Practical Unix and
Internet Security" book. As for limited life passwords, there exist
built-in and/or third party tools for doing it under different OSes.
OPIE implements one-time passwords.  You can find it on google. There
might be similar commercial products but I haven't heard of any
myself. Also, many unix systems implement password aging, so you might
want to investigate whether your system's default password aging
support is good enough for your environment.


-akop

[ Post a follow-up to this message ]

Stephen <stephen.day@eps-hq.com> wrote:
quote:

> Hi there

quote:

> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.

quote:

> i.e. programs that create limited life passwords


Depends on which *nix you are using, most have password aging
build-in, you perhaps just need to enable it, check the docs
of your OS.

As a rule of thumb, shut down any unneeded services, use ssh/scp
instead of telnet/ftp and other insecure r* services.

Use tcpwrapper if applicable.

Keep your system updated with the latest vendor patches.

Get a book about unix security, O'Reilly books tend to be quite
good.

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

[ Post a follow-up to this message ]

You also can you a number of tools to scan your computers and the network to
test how secure they are. This is called penetration testing or pen testing
for short.
I've used tools like Nessus, nmap, nikto, whcc a bunch more, there is a lot
out there.
Try downloading a tool called Operator, http://www.ussysadmin.com/operator.
This bootable CD contains tons of security auditing tools and it all runs
from the CD, no installation requried.

Good luck dude
Bud

"Stephen" <stephen.day@eps-hq.com> wrote in message
news:a4e5eece.0307110118.3ca69793@posting.google.com...
quote:

> Hi there
>
> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.
>
> i.e. programs that create limited life passwords
>
>
> etc
>
> Stephen

[ Post a follow-up to this message ]

You also can you a number of tools to scan your computers and the network to
test how secure they are. This is called penetration testing or pen testing
for short.
I've used tools like Nessus, nmap, nikto, whcc a bunch more, there is a lot
out there.
Try downloading a tool called Operator, http://www.ussysadmin.com/operator.
This bootable CD contains tons of security auditing tools and it all runs
from the CD, no installation requried.

Good luck dude
Bud

"Stephen" <stephen.day@eps-hq.com> wrote in message
news:a4e5eece.0307110118.3ca69793@posting.google.com...
quote:

> Hi there
>
> I am looking at the best methods or products that can be used to
> restrict access to UNIX machines. Does anyone have any recommendations
> that you might be able to supply me.
>
> i.e. programs that create limited life passwords
>
>
> etc
>
> Stephen

[ Post a follow-up to this message ]

On Fri, 11 Jul 2003 02:18:53 -0700, Stephen wrote:
quote:

> Hi there
>
> I am looking at the best methods or products that can be used to restrict
> access to UNIX machines. Does anyone have any recommendations that you
> might be able to supply me.
>
> i.e. programs that create limited life passwords
>
>
> etc
>
> Stephen


This is a link to the "Best Practices" guidlines for my university (where
I work). They may be specific to JHU in some places but overall they are
good general practices for setting up secure systems.

http://nts.jhmi.edu/es/infosec/

Links are down the page under "Best Practices Documents"

later...
--
Jeffrey D. Silverman | jeffrey AT jhu DOT edu
Johns Hopkins university | Baltimore, MD
Website | http://www.wse.jhu.edu/newtnotes/

[ Post a follow-up to this message ]

On Fri, 11 Jul 2003 02:18:53 -0700, Stephen wrote:
quote:

> Hi there
>
> I am looking at the best methods or products that can be used to restrict
> access to UNIX machines. Does anyone have any recommendations that you
> might be able to supply me.
>
> i.e. programs that create limited life passwords
>
>
> etc
>
> Stephen


This is a link to the "Best Practices" guidlines for my university (where
I work). They may be specific to JHU in some places but overall they are
good general practices for setting up secure systems.

http://nts.jhmi.edu/es/infosec/

Links are down the page under "Best Practices Documents"

later...
--
Jeffrey D. Silverman | jeffrey AT jhu DOT edu
Johns Hopkins university | Baltimore, MD
Website | http://www.wse.jhu.edu/newtnotes/

[ Post a follow-up to this message ]

On Thu, 17 Jul 2003 13:46:26 +0000, Chris F.A. Johnson wrote:
quote:

> On Thu, 17 Jul 2003 at 12:55 GMT, Jeffrey Silverman wrote: 
>
> Sorry!
>
> The web page you are looking for has been designated for use by computers
> within the Johns Hopkins campuses only.


hmm..

I was afraid that might happen

sorry about that!
--
Jeffrey D. Silverman | jeffrey AT jhu DOT edu
Johns Hopkins university | Baltimore, MD
Website | http://www.wse.jhu.edu/newtnotes/

[ Post a follow-up to this message ]