[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A better Linux based firewall installation?
- To: Ilya Konstantinov <linux-il(at-nospam)future.galanet.net>
- Subject: Re: A better Linux based firewall installation?
- From: Gilad Ben-Yossef <gilad(at-nospam)benyossef.com>
- Date: Wed, 29 Nov 2000 19:46:42 +0200
- CC: Linux-IL <linux-il(at-nospam)cs.huji.ac.il>
- Organization: Great Illuminated Seers of Bavaria
- References: <Pine.LNX.3.96.1001128214741.951A-100000@localhost> <3A24DF78.3030203@benyossef.com> <20001129192022.A5298@pollux.galanet.net>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.12-20 i686; en-US; m18) Gecko/20001107 Netscape6/6.0
Ilya Konstantinov wrote:
> On Wed, Nov 29, 2000 at 12:50:32PM +0200, Gilad Ben-Yossef wrote:
>
>> Other methods of configuration could be very well added. How about
>> attaching an GSM phone to the machine and accepting instruction only
>> from SMS messages coming from a certain phone number.
>
>
> That's a rather insecure way, BTW.
> Any company with direct access to the GSM exchange can create
> messages with whatever source numbers they want.
A security measure is never meassured in terms of the aboslute
protection its provides but rather in terms of how easy or hard it is to
circumvent it the alternatives.
Any attacker which is after your stuff and is able to penetrate a GSM
exchange and send an unauthrized message without anyone noticing
(remember that banks rely on the number as a ID good enough to identify
you and divolge your account details on SMS) can just as well break into
your phisical location and take what he wants or kidnap the children of
the sysadmin or any other large scale operations such as those. It all
depends on what you are protecting. I think that for 95% of the people
and LANs out there it's secure enough, combined with a one time password
carried by the SMS message itself.
--
Gilad Ben-Yossef <gilad@benyossef.com>
http://benyossef.com :: +972(54)756701
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il