Unfortunately, this particular line of defence also elimiates the use
of the dial-up server for people on the road, since they don't know
what number they will be dialing in from. I have always used a couple
of things for dial-up:
1) Standard PPP username/password pair that is completely different
from any internal password (minimum 8 characters, minimum 2
non-alphanumeric)
2) Authentication to a back-end RADIUS server (ICRadius)
3) firewalling out the remote IP's from certain areas of the LAN
4) Domain authentication if you have a Windows domain
5) Assign IP addresses based on username/password so that different
people can access only what they need remotely.
C-Ya,
Kenny
"a.w.gaunt" wrote:
>
> Just thought I mention that we have some linux based
> dial-up servers and I'm quite pleased with them. For
> security, our first line of defense is to use the caller
> ID features of mgetty (which also integrates nicely with the
> ppp daemon as well). Caller ID is pretty hard to spoof
> so it alone will filter out a lot of war dialing kiddies
> since it won't even answer the phone for any number
> not expicitly authorized to call in. Of course, you will
> still want to use other means to insure your security.
> Just thought I'd mention this as first line of defense.
>
--
---------------------------------------------------
Kenneth E. Lussier
Geek by nature, Linux by choice
PGP KeyID C0D2BA57
Public key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0D2BA57
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
