Online Documentation Server
 ПОИСК
ods.com.ua Web
 КАТЕГОРИИ
Home
Programming
Net technology
Unixes
Security
RFC, HOWTO
Web technology
Data bases
Other docs

 


 ПОДПИСКА

 О КОПИРАЙТАХ
Вся предоставленная на этом сервере информация собрана нами из разных источников. Если Вам кажется, что публикация каких-то документов нарушает чьи-либо авторские права, сообщите нам об этом.




General Security Considerations Contents
Next: Authentication with PPP Up: The Point-to-Point Protocol Previous: Link Control Options

General Security Considerations

A misconfigured PPP daemon can be a devastating security breach. It can be as bad as letting anyone plug in their machine into your Ethernet (and that is very bad). In this section, we will discuss a few measures that should make your PPP configuration safe.

One problem with pppd is that to configure the network device and the routing table, it requires root privilege. You will usually solve this by running it setuid root. However, pppd allows users to set various security-relevant options. To protect against any attacks a user may launch by manipulating these options, it is suggested you set a couple of default values in the global /etc/ppp/options file, like those shown in the sample file in section-gif. Some of them, such as the authentication options, cannot be overridden by the user, and so provide a reasonable protection against manipulations.

Of course, you have to protect yourself from the systems you speak PPP with, too. To fend off hosts posing as someone else, you should always some sort of authentication from your peer. Additionally, you should not allow foreign hosts to use any IP-address they choose, but restrict them to at least a few. The following section will deal with these topics.



Andrew Anderson
Thu Mar 7 23:22:06 EST 1996


With any suggestions or questions please feel free to contact us