Hello Scott -
On Sun, 31 Oct 1999, Scott Adkins wrote:
>
> I would suggest a couple new features that would allow the above suggestion
> from John work, similar to how Apache does it:
>
> <LIMIT>
> Order Deny,Allow
> AllowFrom <IP_PATTERN> <IP_PATTERN> ...
> DenyFrom <IP_PATTERN> <IP_PATTER> ...
> </LIMIT>
>
> In any the case, keep security in mind when configuring your radius server,
> even if you are sitting behind a firewall or router using filters.
>
Again IMHO - if you want to do filtering (and I really think you do), you
should be running something like ip-filter at the kernel level and *everything*
running on the box should be explicity listed in the filter config. Also,
everything that isn't required on the box should be explicitly *turned off*.
That way you know *exactly* what is running on the box and you know *exactly*
what is allowed to access those services that are running.
Believe me - an ounce of prevention is worth *tons* of care ....
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsod
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
