On Sep 26, 2013, at 9:46 AM, Johnny Billquist <bqt at softjar.se> wrote:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't
want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be connected to HECnet
at all.
DECnet is a very bad protocol when it comes to network security.
In what way? Just like most of the Internet, it sends cleartext. Of course in HECnet
we can easily use IPSec (well, for some suitable definition of "easily" because
crypto usually requires some effort to configure). But apart from that, the security
assumptions in DECnet are basically the same as those in TCP/IP. If anything, they might
be slightly stronger: there is a semi-standard way of handling access control in the
Session layer rather than having it done differently (if at all) by each application.
There is event logging that can be used to capture some security-relevant events.
paul
Show replies by date