Project Athena (was Re: Non Destructive Version of rm)
Perry E. Metzger
metzger at watson.ibm.com
Tue May 14 08:07:31 AEST 1991
In article <13043 at dog.ee.lbl.gov> torek at elf.ee.lbl.gov (Chris Torek) writes:
>The basic problem here is that the network itself is physically
>accessible as well, and such access can be nearly untraceable. Your
>average Ethernet or fiber optic cable can be `wiretapped' without too
>much difficulty and with little chance of detection. If this is done,
>sessions can be recorded and/or played back, and the `tapping' machine
>can stand in the stead of another, previously existing machine.

Not to contradict Chris, who knows a whole lot more than I can ever
hope to, but...

1) Fiber is hard to tap. Well, not that hard, but harder than cable.

and..

>The Athena security system provides a variable amount of defense
>against this sort of intrusion. If you wiretap and collect someone's
>tickets, you can use playback methods to gain access for the duration
>of the ticket.

2) You CAN'T record and play back tickets! The tickets are sent back to
the user via a secure channel (they are encrypted in the user's
password!), and even if you see an instance of a ticket whizzing by
on the network, you have only a couple of seconds to replay it as I
recall, PLUS it would probably not work anyway if the service is
keeping track of request IDs, or so I recall. The REAL risk is
someone breaks in to your workstation and grabs your tickets when
they get stored on your local machine.

Perry
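
The two service-side checks the message mentions, a short freshness window and tracking of request IDs, sketched as an added example; this is not part of the original post and is not Athena or Kerberos source code. The class name, the 5-second window and the sample values are assumptions, and the fields are assumed to come from a request the service has already decrypted and verified.

```python
import time


class ReplayGuard:
    """Accept each request once, and only while its timestamp is fresh."""

    def __init__(self, window_seconds=5.0, clock=time.time):
        self.window = window_seconds  # assumed value, not taken from the post
        self.clock = clock            # injectable so the check can be tested
        self._seen = {}               # (client, request_id) -> timestamp

    def check(self, client, request_id, timestamp):
        # Assumption: client, request_id and timestamp were integrity
        # protected in the request, so a recorded copy cannot be altered.
        now = self.clock()
        # Forget entries that the freshness test below would reject anyway,
        # which keeps the cache bounded by the window length.
        self._seen = {k: ts for k, ts in self._seen.items()
                      if now - ts <= self.window}
        if abs(now - timestamp) > self.window:
            return "rejected: stale or future timestamp"
        key = (client, request_id)
        if key in self._seen:
            return "rejected: replay"
        self._seen[key] = timestamp
        return "accepted"


def demo():
    """Run constructed requests against a fake clock and return the verdicts."""
    now = [1000.0]
    guard = ReplayGuard(window_seconds=5.0, clock=lambda: now[0])
    results = [guard.check("alice", "req-1", 1000.0)]   # original request
    now[0] = 1002.0
    results.append(guard.check("alice", "req-1", 1000.0))  # copy inside window
    now[0] = 1010.0
    results.append(guard.check("alice", "req-1", 1000.0))  # copy after window
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Neither check covers the case the message calls the real risk: tickets taken from the workstation where they are stored.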