T.R | Title | User | Personal Name | Date | Lines |
---|
295.1 | | CURRNT::OTTEN | trespassers will be violated | Thu Nov 02 1989 15:55 | 11 |
| As I understand it, Task 0 has (under the recommendations) to be
erased..
Most of our network /distributed systems use TASK 0 (eg STC, FTSV)
This produces interesting effects for the concept of distributed
processing.
Help!
David
|
295.2 | | CURRNT::RUSSELL | This is the dawning of the age of... | Thu Nov 02 1989 17:42 | 18 |
| It's a good point, David, and one that we are aware of.
I don't have a simple answer at this point, though.
The specific point about TASK 0 has been known for quite some time,
and it has been acknowledged that this is a security risk, and should
be disabled.
I thought FTSV didn't use TASK 0 anymore, but I'm not certain...
I don't know about STC; but the statement for some time now has
been "Don't use TASK 0; use another (safer) method instead."
If this restriction is causing you a problem, please come and see
one of the Consultants Team.
Peter.
|
295.3 | Confusion over 0 and Task | PERKY::BRUNNOCK | Good drivers do it considerably... | Mon Nov 06 1989 14:54 | 17 |
| Dave,
there is a difference between the TASK object and object 0. Quite a few
applications use DECnet object 0 including CDD, DFS and SCA. However, it is NOT
object 0 that is the problem; it is the TASK object.
Any object can be defined as object 0. This is, if you like, the default
catch-all for objects. However, the TASK object is the only one that allows you
to execute a command file on a remote node (I won't tell you how but just take
it that you can) ;^). Removing (or disabling) the task object does not impact
any other object and shouldn't impact any application that has been properly
written.
By the way, FTSV uses the FAL object (number 17) to perform its copy.
regards,
Andy
|
295.4 | | SHAPES::ALFORDJ | Ice a speciality | Mon Nov 06 1989 17:52 | 11 |
|
How long is PHONE going to remain disabled ?
Our contact with the outside world is being gradually taken away
from us.
First Phone, no long distance calls allowed, whether DTN or external,
now VAXPhone, what will be the next to go ? NOTES ? MAIL ?
Surely there must be some slightly more constructive preventative
measures to combat these "nastys" than revoking valued resources.
|
295.5 | | CURRNT::OTTEN | Happyotter | Tue Nov 07 1989 09:08 | 7 |
| > (I won't tell you how but just take
>it that you can) ;^).
I wish you would.. We're trying to use STC to do this.... and it
seems to be VERY sensitive....
David
|
295.6 | | CURRNT::RUSSELL | This is the dawning of the age of... | Tue Nov 07 1989 10:23 | 32 |
| re .4;
>Our contact with the outside world is being gradually taken away
>from us.
>First Phone, no long distance calls allowed, whether DTN or external,
>now VAXPhone, what will be the next to go ? NOTES ? MAIL ?
Pardon? I've missed something... I haven't seen anything about
no long distance calls allowed (I presume we are talking
business related, of course!!)
The VAX PHONE object will remain disabled until the current
security related events cease happening. I can't be any more
precise than that, because steps are still being taken to
eradicate this little bugger.
I can only suggest that you use MAIL rather than PHONE; VAXmail
still gives instant delivery.....
And by the way, I'll just remind you that these security events
are considered DIGITAL CONFIDENTIAL; please don't discuss them
outside the office.
and re .5;
I'd strongly suggest you find a different (better?) way with STC.
Come and see one of the consultants if you'd like to discuss it
further.
Peter.
|
295.7 | | CHEST::CHAMBERS | _...but maybe in the next world | Tue Nov 07 1989 13:43 | 8 |
|
>> (I won't tell you how but just take
>>it that you can) ;^).
>
> I wish you would..
It is documented in loads of places eg. Pascal user guide, networking
guide etc.
|
295.8 | | CURRNT::OTTEN | Inscrutibles Unscrewed.. Free | Mon Nov 13 1989 12:25 | 8 |
| From more investigation:
If the Task 0 Object has an invalid username/password, then STC
still works. (it bypasses the Username/password with a Proxy.)
If the Task 0 Object doesn't exist, STC doesn't want to know.
David
|
295.9 | | CURRNT::BADMAN | Sex Object | Wed Nov 15 1989 17:51 | 15 |
| There are only two possible reasons I can think of for removing
PHONE - to stop people using the phone protocol to send anonymous
messages or to prevent someone finding out usernames on remote nodes.
The protocol CAN be abused, but it's pretty harmless (unless someone
has a stupid answerback) and usernames on remote machines can be
found through NOTES, ELF and several other possible sources.
So why disable Phone ? It seems like overkill if it's for either
of the reasons I mention.
Cheers,
Jamie.
|
295.10 | Normal service will be resumed asap | NECK::THOMPSON | Jerry Thompson (7)781-4421 | Thu Nov 16 1989 09:05 | 12 |
| The main reason for disabling PHONE was to stop our nodes being pestered
by the Worm. It gives up faster if PHONE is not available. This has a couple of
good effects... 1) Nuisance Network traffic is reduced 2) System managers spend
less time following up login failure reports.
PHONE will be back. I would expect it to be around again by December;
but my guess is that to reinstate it before then would not be in the best
interests of ADG users.
If you have a dire need for access to PHONE then talk to the ADG system
Manglers. Maybe they'd be willing to let you get at PHONE on an MVII or similar,
but bear in mind that they charge peak-rate calls at extortionate rates.
|