Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS

• From: Adam McKenna
• Date: Mon May 14 17:21:35 2001

On Mon, May 14, 2001 at 11:46:05AM -0400, Christopher A. Woodfield wrote:
> Reverse DNS by itself is insufficient for authentication, but 
> enforcing matching forward and reverse DNS entries is much more reliable 
> (no substitute for secret-based or cert-based authentication, but a good 
> "front door" for something like tcp wrappers). at last check, tcpd and sshd 
> can both be configured to block connections without matching forward/reverse 
> records.

No.  This is joke security, as is any security that relies on hostnames.  TCP
wrappers is basically worthless as a security measure unless you are using
IP-based rules.  And even then, it's deprecated in favor of kernel
firewalling (In Linux) or ipfilter (on BSD's and other platforms that support 
it).

--Adam

• Follow-Ups:
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield

• References:
  • RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Roeland Meyer
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield

• Prev by Date: Re: People who purchase unproven technologies to support their Business, and whine about it. RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Next by Date: Re: People who purchase unproven technologies...DSL
• Date Index
• Thread Index
• Author Index
• Historical