Just as a hammer doth not a toolkit make, [x]inetd is only one tool in a toolkit. There are also tcp wrappers, chroot jails and many more, each of which has its appropriate use in configuring an environment to meet a security policy or model. One cannot make a comment about the (in)security of [x]inetd any more than one can make a comment about the (in)ability of a hammer to handle screws.
For what it does, [x]inetd is a suitable component in the complete implementation of an articulated security model and policy. -- Bhaskar On Mon, 2005-08-01 at 11:42 -0500, Nancy Anthracite wrote: > What about allowing login using authorized keys only with limited > privileges > and limiting the ports that can be accessed and the programs that can > be run > on those ports. > > On Monday 01 August 2005 12:05 pm, Aylesworth Marc A Ctr AFRL/IFSE > wrote: > > It is considered a security risk by some people because it gives > anyone > > that can reach the computer on the LAN you can get a remote desktop > by > > guessing username and passwords. It is mostly used fro local > connections in > > a LAN that is behind a firewall and has limited access from the > Internet > > usually by a firewall. > > > > Thanks > > > > Marc Aylesworth > > > > C3I Associates > > > > AFRL/IFSE > > > > Joint Battlespace Infosphere Team > > > > 525 Brooks Rd > > > > Rome, NY 13441-4505 > > > > Tel:315.330.2422 > > > > Fax:315.330.7009 > > > > Email: [EMAIL PROTECTED] > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > Stephen > > K. Miyasato > > Sent: Friday, July 29, 2005 3:07 PM > > To: hardhats-members@lists.sourceforge.net > > Subject: Re: [Hardhats-members] Short cut for connection Windows GUI > < > > > > >OpenVista Server > > > > I know very little about using [x]intetd in Linux and I thought I > would ask > > the Linux specialist(s) here if that may be a security risk or if > there are > > any downside to using this process. > > > > Thanks very much for you input. > > > > Stephen K. Miyasato > > Pacific Telehealth and Technology Hui > > > > > > ----- Original Message ----- > > From: "K.S. Bhaskar" <[EMAIL PROTECTED]> > > To: <hardhats-members@lists.sourceforge.net> > > Sent: Friday, July 29, 2005 7:58 AM > > Subject: Re: [Hardhats-members] Short cut for connection Windows GUI > < > > > > >OpenVista Server > > > > > > On Fri, 2005-07-29 at 12:31 -0500, Nancy Anthracite wrote: > > >> There were instructions posted, but I would encourage you to wait > on > > >> trying to > > >> implement that as I have been working with this system, we are > testing > > >> it out > > >> using different machines and finding some tweaking is desireable. > As > > >> soon as > > >> I can, I will post some instructions that will walk you through > it. > > >> However, > > >> even if you do that, it has a port specified in advance. > > > > > > I'll wait! > > > > > > I understand that the port is specified in advance, but unlike the > "pool > > > of servers" approach, deploying a service under [x]inetd means > that you > > > can have as many servers as needed by the clients that actually > connect. > > > You advertise one port, say, 9200, as the port for CPRS GUI > clients to > > > connect to, and [x]inetd just fires up a new process for each > client. > > > Furthermore, the server processes simply terminate when clients > > > disconnect, so shutting down becomes simpler. > > > > > > -- Bhaskar > > > > > > > > > > > > ------------------------------------------------------- > > > SF.Net email is sponsored by: Discover Easy Linux Migration > Strategies > > > from IBM. Find simple to follow Roadmaps, straightforward > articles, > > > informative Webcasts and more! Get everything you need to get up > to > > > speed, fast. > http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > > > _______________________________________________ > > > Hardhats-members mailing list > > > Hardhats-members@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/hardhats-members > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: Discover Easy Linux Migration > Strategies > > from IBM. Find simple to follow Roadmaps, straightforward articles, > > informative Webcasts and more! Get everything you need to get up to > > speed, fast. > http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > > _______________________________________________ > > Hardhats-members mailing list > > Hardhats-members@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/hardhats-members > > > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: Discover Easy Linux Migration > Strategies > > from IBM. Find simple to follow Roadmaps, straightforward articles, > > informative Webcasts and more! Get everything you need to get up to > > speed, fast. > http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > > _______________________________________________ > > Hardhats-members mailing list > > Hardhats-members@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/hardhats-members > > -- > Nancy Anthracite > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration > Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Hardhats-members mailing list > Hardhats-members@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/hardhats-members > ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members