On Thu, 19 Apr 2001 [EMAIL PROTECTED] wrote:
> My questions are:1) is possible during the time rcp is active for
> sending the logs that someone will use it to copy or get some file
> with root privileges?
rcp uses no encryption, so sniffing the transfer is easy. injecting into
the transfer is also easy.
> 2) can i turn off the process rpc and still have the rcp active?
yes, as they are not related. they just share letters in their names.
> 3) it's more secure to send the log via ftp (for example implementing
> a VPN among the two machines?)
not really, you still have cleartext authentication and transmission, and
thus sniffing, hijacking, and insertion attacks are all still trivial.
solution: use the ssh suite, and scp in particular, to move the logs from
one host to another. use strong authentication (ie RSA public key crypto
authentication) and set up something like ssh-agent to do passwordless
authentication for automated transfers.
please go get the ssh book from oreilly (ssh: the definitive guide), it
will answer all of your questions. ssh just rocks for your purposes.
openssh is the preferred ssh implementation these days, and is available
for a variety of systems including UNIX and Win32.
i hope this helps.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
