Subject: Re: why no telnet for root?
To: None <port-mac68k@NetBSD.ORG>
From: Joshua Krage <jkrage@access.digex.net>
List: port-mac68k
Date: 08/21/1996 23:56:41
joda@pdc.kth.se (Johan Danielsson) wrote:
> Colin Wood <ender@is.rice.edu> writes:
> > This is not allowed as it is a security risk to let root log in from
> > an unsecure terminal.
> 
> And the obvious question is of course then: why is su-ing considered a
> more secure way of logging in? In both situations you are passing the
> root-password in the clear. (I assume that you aren't using Kerberos
> or something similar).

The idea of direct root login is dangerous due to the ever-simple
brute force attack on the password file.  But if you can't log in
directly as root, then you now have to crack at least two passwords on
the machine: a su-able user, and the root password.  This is an
'older' method of gaining root access on a system, but it's still
around, mainly because it's easy to do.

Another reason for su-ing is the audit trail it leaves.  However,
anyone who has root can edit your log file... firewall systems often
have a printer dedicated to printing anything going to the syslog.

Sniffing is a 'newer' attack method with more subtlety and thus harder
to defend against.  Some defenses are to encrypt your traffic or use
one-time passwords.  Sniffing is *very* widespread.  CERT claims to
receive several incidents per week related to an attacker sniffing a
network.  Scripts to exploit bugs in system software are also pretty
big.  Vulnerabilities in software are rampant.  Especially the system
library bugs/holes which affect lots and lots of programs.

In response to another message in this thread, all of the major
commercial UNIXen (AIX, Solaris, Ultrix, HPUX) allow direct root
logins by default.  But most of them do have ways of preventing the
same.  /etc/ttys is one method, AIX's extended security setup is
another.

Paranoia is a required skill for success for systems and network folk.
The moment you stop being paranoid is the moment they get you. :)

--------------------------------------------------------------------------
jkrage@access.digex.net    Do you understand why this happened? No? Learn.
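The /etc/ttys mechanism mentioned in the message is the "secure" keyword: on BSD-derived systems login(1) only accepts a direct root login on a terminal whose /etc/ttys entry carries that flag, which is why network pseudo-terminals (the ones telnet lands on) normally lack it. The script below is an added example, not part of the original mail or of NetBSD, that audits a ttys-format file from the defender's side: it lists every terminal on which root may log in directly, and separately flags any terminal of type "network" that has been marked secure, since that would re-open exactly the risk the thread is about. The sample file contents are constructed for the example.

```shell
#!/bin/sh
# Audit a BSD-style /etc/ttys file for terminals that permit direct root login.
# Added example, not code from the original message or from NetBSD.

# Constructed sample in /etc/ttys format (name, getty command, type, status, flags).
# ttyp1 is deliberately misconfigured here: a network pseudo-terminal marked "secure".
SAMPLE_TTYS='# constructed sample /etc/ttys
console "/usr/libexec/getty Pc"          vt100   on  secure
ttyp0   none                             network off
ttyp1   none                             network off secure
tty00   "/usr/libexec/getty std.9600"    unknown off
tty01   "/usr/libexec/getty std.9600"    unknown on  secure
ttyE0   "/usr/libexec/getty Pc"          vt220   on  secure'

# write_sample_ttys PATH: write the constructed sample to PATH so the
# functions below can be exercised without touching the real /etc/ttys.
write_sample_ttys() {
    printf '%s\n' "$SAMPLE_TTYS" > "$1"
}

# _scan_ttys FILE MODE: print (space-separated) the names of entries that
# carry the "secure" flag.  MODE "any" reports all of them; MODE "network"
# reports only entries whose type is "network".  The getty command field may
# contain spaces and be quoted, so keywords are searched across all fields
# after the name instead of at fixed positions.
_scan_ttys() {
    awk -v want="$2" '
      /^[[:space:]]*#/ || NF == 0 { next }      # skip comments and blank lines
      {
        secure = 0; network = 0
        for (i = 2; i <= NF; i++) {
          if ($i == "secure")  secure = 1
          if ($i == "network") network = 1
        }
        if (secure && (want == "any" || network))
          out = (out == "" ? $1 : out " " $1)
      }
      END { print out }' "$1"
}

# secure_ttys FILE: terminals on which login(1) will accept root directly.
secure_ttys() {
    _scan_ttys "$1" any
}

# network_secure_ttys FILE: network pseudo-terminals flagged secure, i.e.
# entries that would allow root to log in over telnet/rlogin.  Expect none.
network_secure_ttys() {
    _scan_ttys "$1" network
}

# Usage: sh ttys-audit.sh /etc/ttys
if [ $# -eq 1 ]; then
    echo "root may log in directly on: $(secure_ttys "$1")"
    echo "network terminals marked secure (should be empty): $(network_secure_ttys "$1")"
fi
```

On a correctly configured host the second line of output is empty; a non-empty result names the pseudo-terminals whose entries should have the "secure" keyword removed.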