[HECnet] Hooking up DECUSERVE / EISNER to HECnet?
Johnny Billquist
bqt at softjar.se
Thu Sep 26 17:07:08 PDT 2013
On 2013-09-26 17:49, Paul_Koning at Dell.com wrote:
On Sep 26, 2013, at 9:46 AM, Johnny Billquist <bqt at softjar.se> wrote:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be connected to HECnet at all.
DECnet is a very bad protocol when it comes to network security.
In what way? Just like most of the Internet, it sends cleartext. Of course in HECnet we can easily use IPSec (well, for some suitable definition of "easily" because crypto usually requires some effort to configure). But apart from that, the security assumptions in DECnet are basically the same as those in TCP/IP. If anything, they might be slightly stronger: there is a semi-standard way of handling access control in the Session layer rather than having it done differently (if at all) by each application. There is event logging that can be used to capture some security-relevant events.
Already commented some further on this. And you are right.
Johnny
More information about the Hecnet-list
mailing list