[HECnet] Hooking up DECUSERVE / EISNER to HECnet?
Paul_Koning at Dell.com
Paul_Koning at Dell.com
Thu Sep 26 16:49:05 PDT 2013
On Sep 26, 2013, at 9:46 AM, Johnny Billquist <bqt at softjar.se> wrote:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be connected to HECnet at all.
DECnet is a very bad protocol when it comes to network security.
In what way? Just like most of the Internet, it sends cleartext. Of course in HECnet we can easily use IPSec (well, for some suitable definition of "easily" because crypto usually requires some effort to configure). But apart from that, the security assumptions in DECnet are basically the same as those in TCP/IP. If anything, they might be slightly stronger: there is a semi-standard way of handling access control in the Session layer rather than having it done differently (if at all) by each application. There is event logging that can be used to capture some security-relevant events.
paul
More information about the Hecnet-list
mailing list