Re: overcome NIS - Security

This is a discussion on Re: overcome NIS - Security ; matt_left_coast wrote: > Jan Pompe wrote: > > >>Huge wrote: >> >>>"ohovus_indus@yahoo.com" writes: >>> >>> >>>>Hi gurus, >>>> >>>>I could not find any hole in NIS after much thought, >>> >>> >>>Perhaps you should do your own homework? >>> >> ...

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 58

Thread: Re: overcome NIS

  1. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>Huge wrote:
    >>
    >>>"ohovus_indus@yahoo.com" writes:
    >>>
    >>>
    >>>>Hi gurus,
    >>>>
    >>>>I could not find any hole in NIS after much thought,
    >>>
    >>>
    >>>Perhaps you should do your own homework?
    >>>

    >>
    >>by the look of it he has but is asking for other opinions.

    >
    >
    > Um, by the look of it, he has NOT. With the glaring security issues
    > involving NIS, he could not have looked very hard.
    >

    Set it up properly and there aren't many security issues

  2. Re: overcome NIS

    On Wed, 30 Nov 2005 11:57:32 +1100, Jan Pompe wrote:
    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>>Huge wrote:
    >>>>"ohovus_indus@yahoo.com" writes:


    >>>>>I could not find any hole in NIS after much thought,
    >>>>
    >>>>Perhaps you should do your own homework?
    >>>>
    >>>by the look of it he has but is asking for other opinions.

    >>
    >> Um, by the look of it, he has NOT. With the glaring security issues
    >> involving NIS, he could not have looked very hard.
    >>

    > Set it up properly and there aren't many security issues


    I suppose you mean with the passwords in a Kerberos database:
    http://www.vanemery.com/DAS/DAS-manual.html

    (Coupled with DNSSEC and NTP keys - maybe?)

    --
    -Menno.


  3. Re: overcome NIS

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>Huge wrote:
    >>>
    >>>>"ohovus_indus@yahoo.com" writes:
    >>>>
    >>>>
    >>>>>Hi gurus,
    >>>>>
    >>>>>I could not find any hole in NIS after much thought,
    >>>>
    >>>>
    >>>>Perhaps you should do your own homework?
    >>>>
    >>>
    >>>by the look of it he has but is asking for other opinions.

    >>
    >>
    >> Um, by the look of it, he has NOT. With the glaring security issues
    >> involving NIS, he could not have looked very hard.
    >>

    > Set it up properly and there aren't many security issues


    Even a FEW allows hacking. It does not take "many security issues" to allow
    hacking, only ONE.

    --



  4. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>Huge wrote:
    >>>>
    >>>>
    >>>>>"ohovus_indus@yahoo.com" writes:
    >>>>>
    >>>>>
    >>>>>
    >>>>>>Hi gurus,
    >>>>>>
    >>>>>>I could not find any hole in NIS after much thought,
    >>>>>
    >>>>>
    >>>>>Perhaps you should do your own homework?
    >>>>>
    >>>>
    >>>>by the look of it he has but is asking for other opinions.
    >>>
    >>>
    >>>Um, by the look of it, he has NOT. With the glaring security issues
    >>>involving NIS, he could not have looked very hard.
    >>>

    >>
    >>Set it up properly and there aren't many security issues

    >
    >
    > Even a FEW allows hacking. It does not take "many security issues" to allow
    > hacking, only ONE.
    >

    Certainly no worse than any wide open system.
    Se the post previous to yours.

  5. Re: overcome NIS

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>matt_left_coast wrote:
    >>>
    >>>>Jan Pompe wrote:
    >>>>
    >>>>
    >>>>
    >>>>>Huge wrote:
    >>>>>
    >>>>>
    >>>>>>"ohovus_indus@yahoo.com" writes:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>Hi gurus,
    >>>>>>>
    >>>>>>>I could not find any hole in NIS after much thought,
    >>>>>>
    >>>>>>
    >>>>>>Perhaps you should do your own homework?
    >>>>>>
    >>>>>
    >>>>>by the look of it he has but is asking for other opinions.
    >>>>
    >>>>
    >>>>Um, by the look of it, he has NOT. With the glaring security issues
    >>>>involving NIS, he could not have looked very hard.
    >>>>
    >>>
    >>>Set it up properly and there aren't many security issues

    >>
    >>
    >> Even a FEW allows hacking. It does not take "many security issues" to
    >> allow hacking, only ONE.
    >>

    > Certainly no worse than any wide open system.


    Eh??? A wide open system has all sorts of "holes" (see the OP) and IS a bad
    thing to use on a network. Since wide open systems should not be used on a
    network and NIS is no worse than a wide open system, NIS should not be used
    on a network.

    Thanks for helping me prove that NIS is so insecure it should not be used on
    a network.

    > Se the post previous to yours.


    It was nonsense when I replied to it, it is still nonsense.



    --



  6. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>
    >>>>>Jan Pompe wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>Huge wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>"ohovus_indus@yahoo.com" writes:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>Hi gurus,
    >>>>>>>>
    >>>>>>>>I could not find any hole in NIS after much thought,
    >>>>>>>
    >>>>>>>
    >>>>>>>Perhaps you should do your own homework?
    >>>>>>>
    >>>>>>
    >>>>>>by the look of it he has but is asking for other opinions.
    >>>>>
    >>>>>
    >>>>>Um, by the look of it, he has NOT. With the glaring security issues
    >>>>>involving NIS, he could not have looked very hard.
    >>>>>
    >>>>
    >>>>Set it up properly and there aren't many security issues
    >>>
    >>>
    >>>Even a FEW allows hacking. It does not take "many security issues" to
    >>>allow hacking, only ONE.
    >>>

    >>
    >>Certainly no worse than any wide open system.

    >
    >
    > Eh??? A wide open system has all sorts of "holes" (see the OP) and IS a bad
    > thing to use on a network. Since wide open systems should not be used on a
    > network and NIS is no worse than a wide open system, NIS should not be used
    > on a network.
    >
    > Thanks for helping me prove that NIS is so insecure it should not be used on
    > a network.
    >


    Ther are a few other services which are equaaly insecure like nfs for
    instance which should aslo not run a network but then again we can
    always install a firewall.

    >
    >>Se the post previous to yours.

    >
    >
    > It was nonsense when I replied to it, it is still nonsense.
    >
    >
    >

    You didn't reply to it. You know the one posted by Menno Duursma before
    you replied. There are of course other ways to imporive security too.

    Perhaps you need a coffee.

  7. Re: overcome NIS

    matt_left_coast wrote:

    > Jan Pompe wrote:
    >
    >> matt_left_coast wrote:
    >>> Jan Pompe wrote:
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>>Jan Pompe wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>>Huge wrote:
    >>>>>>
    >>>>>>
    >>>>>>>"ohovus_indus@yahoo.com" writes:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>Hi gurus,
    >>>>>>>>
    >>>>>>>>I could not find any hole in NIS after much thought,
    >>>>>>>
    >>>>>>>
    >>>>>>>Perhaps you should do your own homework?
    >>>>>>>
    >>>>>>
    >>>>>>by the look of it he has but is asking for other opinions.
    >>>>>
    >>>>>
    >>>>>Um, by the look of it, he has NOT. With the glaring security issues
    >>>>>involving NIS, he could not have looked very hard.
    >>>>>
    >>>>
    >>>>Set it up properly and there aren't many security issues
    >>>
    >>>
    >>> Even a FEW allows hacking. It does not take "many security issues" to
    >>> allow hacking, only ONE.
    >>>

    >> Certainly no worse than any wide open system.

    >
    > Eh??? A wide open system has all sorts of "holes" (see the OP) and IS a
    > bad thing to use on a network. Since wide open systems should not be used
    > on a network and NIS is no worse than a wide open system, NIS should not
    > be used on a network.
    >
    > Thanks for helping me prove that NIS is so insecure it should not be used
    > on a network.
    >
    >> Se the post previous to yours.

    >
    > It was nonsense when I replied to it, it is still nonsense.
    >
    >
    >
    > --


    "Thanks for helping me prove that NIS is so insecure it should not be used
    on a network."

    Why don't you take the 'I'm so superior' games to Slashdot, where they
    belong? Your hate-foo is weak, matt_left_coast. Mostly, you just come
    across as someone who's rude with every post, always having to prove
    themselves. What, are we supposed to worship you now? You've been rude
    enough to sufficiently cow everone? Get a grip. You aren't half as smart as
    your ego seems to demand that you be.

    If the Network Information Service shouldn't be used on a network, where,
    pray tell, *should* it be used? Ever worked in an environment with
    firewalled subnets, serious security policies, etc.? Where NIS might just
    be easy and cool, in the subnet where you need it? Where the subnet IDS can
    spot NIS exploits like water rolling off a duck's butt? I'm guessing no.

    Eventually, maybe you'll attend some LISA conferences or something, and
    realize that your experiences to date do *not* constitute the whole of
    computing.

    --
    GPG fingerprint: 95B3 2BDD 9152 1E7D A240 37C1 7AE2 9B71 0065 F029

  8. Re: overcome NIS

    Greg Metcalfe wrote:

    > matt_left_coast wrote:
    >
    >> Jan Pompe wrote:
    >>
    >>> matt_left_coast wrote:
    >>>> Jan Pompe wrote:
    >>>>
    >>>>
    >>>>>matt_left_coast wrote:
    >>>>>
    >>>>>>Jan Pompe wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>Huge wrote:
    >>>>>>>
    >>>>>>>
    >>>>>>>>"ohovus_indus@yahoo.com" writes:
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>>Hi gurus,
    >>>>>>>>>
    >>>>>>>>>I could not find any hole in NIS after much thought,
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>Perhaps you should do your own homework?
    >>>>>>>>
    >>>>>>>
    >>>>>>>by the look of it he has but is asking for other opinions.
    >>>>>>
    >>>>>>
    >>>>>>Um, by the look of it, he has NOT. With the glaring security issues
    >>>>>>involving NIS, he could not have looked very hard.
    >>>>>>
    >>>>>
    >>>>>Set it up properly and there aren't many security issues
    >>>>
    >>>>
    >>>> Even a FEW allows hacking. It does not take "many security issues" to
    >>>> allow hacking, only ONE.
    >>>>
    >>> Certainly no worse than any wide open system.

    >>
    >> Eh??? A wide open system has all sorts of "holes" (see the OP) and IS a
    >> bad thing to use on a network. Since wide open systems should not be used
    >> on a network and NIS is no worse than a wide open system, NIS should not
    >> be used on a network.
    >>
    >> Thanks for helping me prove that NIS is so insecure it should not be used
    >> on a network.
    >>
    >>> Se the post previous to yours.

    >>
    >> It was nonsense when I replied to it, it is still nonsense.
    >>
    >>
    >>
    >> --

    >
    > "Thanks for helping me prove that NIS is so insecure it should not be used
    > on a network."
    >
    > Why don't you take the 'I'm so superior' games to Slashdot, where they
    > belong? Your hate-foo is weak, matt_left_coast. Mostly, you just come
    > across as someone who's rude with every post, always having to prove
    > themselves. What, are we supposed to worship you now? You've been rude
    > enough to sufficiently cow everone? Get a grip. You aren't half as smart
    > as your ego seems to demand that you be.
    >
    > If the Network Information Service shouldn't be used on a network, where,
    > pray tell, *should* it be used? Ever worked in an environment with
    > firewalled subnets, serious security policies, etc.? Where NIS might just
    > be easy and cool, in the subnet where you need it? Where the subnet IDS
    > can spot NIS exploits like water rolling off a duck's butt? I'm guessing
    > no.
    >
    > Eventually, maybe you'll attend some LISA conferences or something, and
    > realize that your experiences to date do *not* constitute the whole of
    > computing.
    >


    Wow, such a personal attack, you seem to be the true hateful person here.
    Your hateful insults prove that you are the one that is playing the "I'm so
    superior" game here.

    --



  9. Re: overcome NIS

    Jan Pompe wrote:

    >>

    >
    > Ther are a few other services which are equaaly insecure like nfs for
    > instance


    So? That does not make NIS SECURE. The OP was asking about NIS being secure,
    not about securing the whole system.

    > which should aslo not run a network but then again we can
    > always install a firewall.


    Learn about security and who the treats are. In large organizations, a great
    deal of the hacking comes from INSIDE the firewall. Still,, the OP was
    asking if NIS was secure, your suggestion that a firewall is needed proves
    that even you do not think that NIS is secure, that it needs something else
    to be secure.

    >
    >>
    >>>Se the post previous to yours.

    >>
    >>
    >> It was nonsense when I replied to it, it is still nonsense.
    >>
    >>
    >>

    > You didn't reply to it. You know the one posted by Menno Duursma before
    > you replied.


    You mean where Menno Duursma asked you a question that you refused to
    answer? He never stated that passwords in a kerberos database actually
    makes NIS secure. Learn to read bud.

    > There are of course other ways to imporive security too.


    The OP was not talking to "improve security" He was asking if NIS was
    secure, there is a difference. Read his question!

    >
    > Perhaps you need a coffee.


    You need to learn to comprehend what the original posters are asking and to
    stop using your head as a suppository.

    --



  10. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>Ther are a few other services which are equaaly insecure like nfs for
    >>instance

    >
    >
    > So? That does not make NIS SECURE. The OP was asking about NIS being secure,
    > not about securing the whole system.
    >
    >
    >>which should aslo not run a network but then again we can
    >>always install a firewall.

    >
    >
    > Learn about security and who the treats are. In large organizations, a great
    > deal of the hacking comes from INSIDE the firewall. Still,, the OP was
    > asking if NIS was secure, your suggestion that a firewall is needed proves
    > that even you do not think that NIS is secure, that it needs something else
    > to be secure.


    What is your point?
    It's not designed to be secure except in a secure (firewalled) environment.
    >
    >
    >>>>Se the post previous to yours.
    >>>
    >>>
    >>>It was nonsense when I replied to it, it is still nonsense.
    >>>
    >>>
    >>>

    >>
    >>You didn't reply to it. You know the one posted by Menno Duursma before
    >>you replied.

    >
    >
    > You mean where Menno Duursma asked you a question that you refused to
    > answer?


    I didn't refuse to answer I just didn't think it needed one.

    He never stated that passwords in a kerberos database actually
    > makes NIS secure. Learn to read bud.


    The onoly way you are going to get 100% security is to pull the plug on
    the whole system but that's not very useful now is it?

    You have to learn not to be so rude.

    >
    >
    >>There are of course other ways to imporive security too.

    >
    >
    > The OP was not talking to "improve security" He was asking if NIS was
    > secure, there is a difference. Read his question!


    Was he?

    >
    >
    >>Perhaps you need a coffee.

    >
    >
    > You need to learn to comprehend what the original posters are asking and to
    > stop using your head as a suppository.
    >

    You are very rude.


  11. Re: overcome NIS

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>Ther are a few other services which are equaaly insecure like nfs for
    >>>instance

    >>
    >>
    >> So? That does not make NIS SECURE. The OP was asking about NIS being
    >> secure, not about securing the whole system.
    >>
    >>
    >>>which should aslo not run a network but then again we can
    >>>always install a firewall.

    >>
    >>
    >> Learn about security and who the treats are. In large organizations, a
    >> great deal of the hacking comes from INSIDE the firewall. Still,, the OP
    >> was asking if NIS was secure, your suggestion that a firewall is needed
    >> proves that even you do not think that NIS is secure, that it needs
    >> something else to be secure.

    >
    > What is your point?
    > It's not designed to be secure except in a secure (firewalled)
    > environment.


    That IS the point. Read the OP, he says he can not fine any security holes.

    >>
    >>
    >>>>>Se the post previous to yours.
    >>>>
    >>>>
    >>>>It was nonsense when I replied to it, it is still nonsense.
    >>>>
    >>>>
    >>>>
    >>>
    >>>You didn't reply to it. You know the one posted by Menno Duursma before
    >>>you replied.

    >>
    >>
    >> You mean where Menno Duursma asked you a question that you refused to
    >> answer?

    >
    > I didn't refuse to answer I just didn't think it needed one.


    You CAN"T.

    >
    > He never stated that passwords in a kerberos database actually
    >> makes NIS secure. Learn to read bud.

    >
    > The onoly way you are going to get 100% security is to pull the plug on
    > the whole system but that's not very useful now is it?
    >


    The question was not 100% security, it was that NIS has NO SECURITY HOLES.
    It does, as you have shown EVERYTHING DOES.

    > You have to learn not to be so rude.


    You need to learn to read.


    >
    >>
    >>
    >>>There are of course other ways to imporive security too.

    >>
    >>
    >> The OP was not talking to "improve security" He was asking if NIS was
    >> secure, there is a difference. Read his question!

    >
    > Was he?


    Learn to read, it is right there:


    "I could not find any hole in NIS after much thought, is it really that
    good?"

    Clearly he says he can not find security holes and is asking if NIS is
    "really that good". At NO POINT does he ask how to improve the security.

    Learn to read.

    >
    >>
    >>
    >>>Perhaps you need a coffee.

    >>
    >>
    >> You need to learn to comprehend what the original posters are asking and
    >> to stop using your head as a suppository.
    >>

    > You are very rude.


    Pointing out that you can not read and comprehend is not being rude, it is a
    statement of FACT.

    --



  12. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>Ther are a few other services which are equaaly insecure like nfs for
    >>>>instance
    >>>
    >>>
    >>>So? That does not make NIS SECURE. The OP was asking about NIS being
    >>>secure, not about securing the whole system.
    >>>
    >>>
    >>>
    >>>>which should aslo not run a network but then again we can
    >>>>always install a firewall.
    >>>
    >>>
    >>>Learn about security and who the treats are. In large organizations, a
    >>>great deal of the hacking comes from INSIDE the firewall. Still,, the OP
    >>>was asking if NIS was secure, your suggestion that a firewall is needed
    >>>proves that even you do not think that NIS is secure, that it needs
    >>>something else to be secure.

    >>
    >>What is your point?
    >>It's not designed to be secure except in a secure (firewalled)
    >>environment.

    >
    >
    > That IS the point. Read the OP, he says he can not fine any security holes.
    >
    >

    Where is the word "security" in his post.

    It doesn't have any security holes fool - it's simply not secure and
    that's no secret it is designed to run behind a firewall.

  13. Re: overcome NIS

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>matt_left_coast wrote:
    >>>
    >>>>Jan Pompe wrote:
    >>>>
    >>>>
    >>>>
    >>>>>Ther are a few other services which are equaaly insecure like nfs for
    >>>>>instance
    >>>>
    >>>>
    >>>>So? That does not make NIS SECURE. The OP was asking about NIS being
    >>>>secure, not about securing the whole system.
    >>>>
    >>>>
    >>>>
    >>>>>which should aslo not run a network but then again we can
    >>>>>always install a firewall.
    >>>>
    >>>>
    >>>>Learn about security and who the treats are. In large organizations, a
    >>>>great deal of the hacking comes from INSIDE the firewall. Still,, the OP
    >>>>was asking if NIS was secure, your suggestion that a firewall is needed
    >>>>proves that even you do not think that NIS is secure, that it needs
    >>>>something else to be secure.
    >>>
    >>>What is your point?
    >>>It's not designed to be secure except in a secure (firewalled)
    >>>environment.

    >>
    >>
    >> That IS the point. Read the OP, he says he can not fine any security
    >> holes.
    >>
    >>

    > Where is the word "security" in his post.


    it is IMPLIED with the word "hole".

    >
    > It doesn't have any security holes fool


    Since you reffer to "holes" as an security issue, why did you ask the stupid
    question above.

    > - it's simply not secure and


    How is that not a hole? In other words, if it is not secure, it has a
    security hole. In this case it is the fact that NIS was designed at a time
    when may security issues of today did not exist. NIS (as Yellow Pages) was
    designed before the masses got PC's and before companies were routinely
    connected to the internet. I know you are not that swift, but do you get it
    yet? The hole is that it is outdated and can not function safely in today's
    inviroment!

    >
    > that's no secret it is designed to run behind a firewall.


    Eh? show some proof that it was designed SPECIFICALLY to run behind a
    firewall!!! NIS has been around for a LONG time, I was using it well before
    companies connected to the internet. It was not designed to meet the
    security issues of today because those issued DID NOT EXIST when NIS was
    designed.

    Sorry bud, you are wrong.




    --



  14. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>
    >>>>>Jan Pompe wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>Ther are a few other services which are equaaly insecure like nfs for
    >>>>>>instance
    >>>>>
    >>>>>
    >>>>>So? That does not make NIS SECURE. The OP was asking about NIS being
    >>>>>secure, not about securing the whole system.
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>which should aslo not run a network but then again we can
    >>>>>>always install a firewall.
    >>>>>
    >>>>>
    >>>>>Learn about security and who the treats are. In large organizations, a
    >>>>>great deal of the hacking comes from INSIDE the firewall. Still,, the OP
    >>>>>was asking if NIS was secure, your suggestion that a firewall is needed
    >>>>>proves that even you do not think that NIS is secure, that it needs
    >>>>>something else to be secure.
    >>>>
    >>>>What is your point?
    >>>>It's not designed to be secure except in a secure (firewalled)
    >>>>environment.
    >>>
    >>>
    >>>That IS the point. Read the OP, he says he can not fine any security
    >>>holes.
    >>>
    >>>

    >>
    >>Where is the word "security" in his post.

    >
    >
    > it is IMPLIED with the word "hole".


    Why!

    Now cut a hole in a piece of paper and then tell me how 'security is
    implied in the word 'hole' having done that cut a hole in the hole.

    Should be a simple excercise for an ego such as yours.
    >
    >
    >>It doesn't have any security holes fool

    >
    >
    > Since you reffer to "holes" as an security issue, why did you ask the stupid
    > question above.
    >


    You referred to security holes or issues in your first post on this
    thread. The thing is not secure and it's no secret so it's simply
    idiotic to talk about holes in it.

    If the whole truth be known I interpreted the original post as a
    sarcastic comment I might have been wrong about that but what I'm not
    wrong about is that you are egotistical and rude.

    >
    >>- it's simply not secure and

    >
    >
    > How is that not a hole? In other words, if it is not secure, it has a
    > security hole. In this case it is the fact that NIS was designed at a time
    > when may security issues of today did not exist. NIS (as Yellow Pages) was
    > designed before the masses got PC's and before companies were routinely
    > connected to the internet. I know you are not that swift, but do you get it
    > yet? The hole is that it is outdated and can not function safely in today's
    > inviroment!
    >
    >
    >>that's no secret it is designed to run behind a firewall.

    >
    >
    > Eh? show some proof that it was designed SPECIFICALLY to run behind a
    > firewall!!!


    It's not designed to run without one and that is logically equivalent.

    > NIS has been around for a LONG time, I was using it well before
    > companies connected to the internet.


    Sorry I do not believe you are that old.
    >


  15. Re: overcome NIS

    Jan Pompe wrote:

    >> Eh? show some proof that it was designed SPECIFICALLY to run behind a
    >> firewall!!!

    >
    > It's not designed to run without one and that is logically equivalent.
    >


    BULL ****. Are you making this up as you go along? You EXPLICLY stated that
    it was designed to run behind a firewall. Your statement is FALSE, PERIOD.
    Just how stupid are you.

    --



  16. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>>Eh? show some proof that it was designed SPECIFICALLY to run behind a
    >>>firewall!!!

    >>
    >>It's not designed to run without one and that is logically equivalent.
    >>

    >
    >
    > BULL ****. Are you making this up as you go along? You EXPLICLY stated that
    > it was designed to run behind a firewall. Your statement is FALSE, PERIOD.
    > Just how stupid are you.
    >

    You are a poor logician. "It was not designed to run without a
    firewall" is logically equivalent to "it was designed to run with a
    firewall" it's quite irrelevent whether it was specifically done that
    way or not.

    It boils down to it's no worse than any other network services in the
    UNIX environment that requires a firewall to be properly and securely
    set up. Which is my original point. If you want to provide netwrok
    services to a bunch of crackers thus having your problems in your own
    user space you might well have to go to extra lengths to secure it.

    You could start with getting a pair of roller skates to get from one
    machine to the next quickly to put out the spot fires.

  17. Re: overcome NIS

    Jan Pompe wrote:

    > You are a poor logician. "It was not designed to run without a
    > firewall" is logically equivalent to "it was designed to run with a
    > firewall" it's quite irrelevent whether it was specifically done that
    > way or not.


    No, it is NOT. What you are saying does not even make sense.

    "Not designed" Could mean total lack of any design regarding the issue.
    Something could "not designed to run without a firewall" without ANY intent
    to design it to run WITH a firewall.

    Is:

    My car was not designed to run without a iceberg.

    equivalent to:

    My car was designed to run with a iceberg?

    No. Wether or not my car would require an iceberg was not even a design
    consideration. So it was NOT _designed_ to run with OR without an iceberg.
    It was not designed or designed to run with an iceberg because an iceberg
    was not even considered in the design. In short, there was a total lack or
    design when it comes to running my car with an iceberg.

    Because there was no consideration of icebergs in the design, my car was not
    explicitly designed to run without an iceberg. There was no reason to
    consider icebergs in the design so NO design was included to account for
    icebergs one way or the other.

    Are you really that stupid?

    --



  18. Re: overcome NIS

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>You are a poor logician. "It was not designed to run without a
    >>firewall" is logically equivalent to "it was designed to run with a
    >>firewall" it's quite irrelevent whether it was specifically done that
    >>way or not.

    >
    >
    > No, it is NOT. What you are saying does not even make sense.
    >
    > "Not designed" Could mean total lack of any design regarding the issue.
    > Something could "not designed to run without a firewall" without ANY intent
    > to design it to run WITH a firewall.
    >
    > Is:
    >
    > My car was not designed to run without a iceberg.
    >
    > equivalent to:
    >
    > My car was designed to run with a iceberg?
    >


    That's right and both your statements are nonsense.


  19. Re: overcome NIS

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>You are a poor logician. "It was not designed to run without a
    >>>firewall" is logically equivalent to "it was designed to run with a
    >>>firewall" it's quite irrelevent whether it was specifically done that
    >>>way or not.

    >>
    >>
    >> No, it is NOT. What you are saying does not even make sense.
    >>
    >> "Not designed" Could mean total lack of any design regarding the issue.
    >> Something could "not designed to run without a firewall" without ANY
    >> intent to design it to run WITH a firewall.
    >>
    >> Is:
    >>
    >> My car was not designed to run without a iceberg.
    >>
    >> equivalent to:
    >>
    >> My car was designed to run with a iceberg?
    >>

    >
    > That's right and both your statements are nonsense.


    I did not think you were smart enough to understand. Thanks for proving your
    idiocy once again. I would try to explain it with words you understand but,
    unfortunately I can not do it using the words "Dick, Jane, Spot and Run".

    I will try again, unfortunately for you, I will have to use words longer
    than 4 letters. Please use a dictionary for words longer than 4 letters
    that you do not understand.

    Lets say I designed a network device that only only count packets it
    receives. There was absolutely NO consideration of "firewalls" in the
    design. Since I did not consider firewalls at all, I did not design it to
    run without a firewall. Thus the device was "not designed to run without a
    firewall". Since there was no consideration of firewalls, I did not design
    it to run WITH a firewall, so, it also was NOT designed to run WITH
    firewalls.

    I know the words are way to long for you, but I hope you can find an adult
    to explain it to you. If the design did not consider firewalls, then:

    The statement:

    not designed to run without a firewall

    Could be true while

    it is designed to run with a firewall

    would be false.

    Your claim that "not designed to run without a firewall" and "it was
    designed to run with a firewall" are logically the same is just plain BS.


  20. Re: overcome NIS

    On 2005-12-01, Greg Metcalfe wrote:

    > If the Network Information Service shouldn't be used on a network, where,
    > pray tell, *should* it be used? Ever worked in an environment with
    > firewalled subnets, serious security policies, etc.? Where NIS might just
    > be easy and cool, in the subnet where you need it? Where the subnet IDS can
    > spot NIS exploits like water rolling off a duck's butt? I'm guessing no.


    AFAIK, NIS doesn't transmit passwords over the network, just the hashes so
    each machine can use the hashes to authenticate. If someone has the access
    to sniff these NIS exchanges to pick up the hashes, there's somethimg else
    seriously wrong with your security that isn't directly related to NIS, and
    that person still needs to crack the hash (no trivial task) to find the
    password.

    --

    John (john@os2.dhs.org)

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast