

  • Subject: Re: Okay to change QAUTOVRT to zero?
  • From: Jim Langston <jimlangston@xxxxxxxxxxxxxxxx>
  • Date: Wed, 18 Oct 2000 08:13:22 -0700
  • Organization: Pacer International

QAUTOVRT and security.

It should be fine to change your QAUTOVRT to 0, since any needed devices
by this time should already be created.  They do not disappear after being
created but hang around until you delete them manually; they are reused.

So what's the big deal then?

Say you have some hacker trying to access your system.  He gets to your
system either through dial in or telnet or similar methods.  He tries to
log into your system by guessing user names and passwords.  Now, if you
have your security set up correctly, when the system disables a user 
profile it will also disable the device.  With QAUTOVRT set to 0 (do not
create) once the hacker reaches the last usable device he will no longer
be able to get a sign on.  So you thwarted his attempts.

But, with QAUTOVRT set to 1 (auto create) the hacker can try as often as
he likes, because even though the virtual devices are becoming disabled, he
just starts a new connection and a new one is created.

The way to use QAUTOVRT with security in mind is to initially turn it on and
allow a number of devices to be created.  After enough auto devices get created
you turn it off.  You now have enough virtual devices for everyone to get onto
your system that needs to, but no more will be created when someone comes along
and starts disabling them trying to hack into your system.

Regards,

Jim Langston

Date: Tue, 17 Oct 2000 16:47:49 EDT
From: MacWheel99@aol.com
Subject: Re: Okay to change QAUTOVRT to zero?

There are a couple issues here.

Someone made a security review & suggested something to improve security.
Bryan Burns asked what the implications of the adjustment might be.
Al Mac asked what impact this might have on AUTHORIZED DIAL IN.
Chuck Lewis implied that it might not interfere with ANY dial in.
Which means that the original security reviewer missed something ... if a 
port or line is left open for the purpose of an AUTHORIZED dial in, or pass 
thru, then an intruder might also use that access.
So what has been accomplished by adjusting QAUTOVRT from the perspective of the 
security goals?
Or am I off in left field ... QAUTOVRT is not FOR security of dial in, but 
for security of LAN attachments?

Alister William Macintyre 
Computer Data Janitor etc. of BPCS 405 CD Rel-02 on 400 model 170 OS4 V4R3 
(forerunner to IBM e-Server i-Series 400)  @ http://www.cen-elec.com Central 
Industries of Indiana--->Quality manufacturer of wire harnesses and 
electrical sub-assemblies
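Added example, not part of the original messages: the system-value changes discussed in this thread, written as CL commands for a defender's checklist. Reading "security set up correctly" as the QMAXSIGN and QMAXSGNACN system values is an assumption, and QPADEV0001 is a sample device name.

```cl
/* 1. Record the current settings before changing anything.          */
DSPSYSVAL SYSVAL(QAUTOVRT)     /* auto-configured virtual device limit */
DSPSYSVAL SYSVAL(QMAXSIGN)     /* failed sign-on attempts allowed      */
DSPSYSVAL SYSVAL(QMAXSGNACN)   /* action taken when QMAXSIGN is hit    */

/* 2. Confirm enough virtual devices already exist for real users.   */
WRKDEVD DEVD(QPADEV*)

/* 3. Make repeated failed sign-ons disable the device as well as    */
/*    the profile: '1' = device, '2' = profile, '3' = both.          */
CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('3')
CHGSYSVAL SYSVAL(QMAXSGNACN) VALUE('3')

/* 4. Stop the system from creating further virtual devices.         */
CHGSYSVAL SYSVAL(QAUTOVRT) VALUE(0)

/* 5. After a burst of failed sign-ons, find the devices that were   */
/*    varied off and bring them back so authorized users can sign    */
/*    on again.                                                      */
WRKCFGSTS CFGTYPE(*DEV) CFGD(QPADEV*)
VRYCFG CFGOBJ(QPADEV0001) CFGTYPE(*DEV) STATUS(*ON)
```

With QAUTOVRT at 0, devices disabled by failed sign-ons stay unavailable to authorized users as well until an operator varies them on, so step 5 belongs in the operations runbook.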


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
