× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 1997

No Subject

  • From: Steve Glanstein <mic@xxxxxxxxx>
  • Date: Mon, 16 Jun 1997 22:08:41 -1000 (HST)
 

Hello everybody....just a few comments about securing a PC  (ha ha ha ha)


> [snip snip]
>
> No offense, but no, no, no, no, NOOOOOOOOOO!  Password cache is one
> of my biggest gripes with Win '95, and a detriment to the already
> vulnerable OS/400.  You're better off allowing anonymous sign on via
> QUSER, and moving files with which you are not concerned with the
> upload to a library to which QUSER has upload authority.  You should
> NOT allow passwords with access to the /400 to be stored on a
> machine with which so many people (especially hackers) are
> familiar...

I agree with password cache but disagree with giving the entire public 
access to a QUSER via an anonymous sign-on.

> While I agree (wholeheartedly) with your NO PASSWORD CACHE sentiment,
> (I disable it on all PCs that I setup) it can be used securely. You
> just have to set up the PC properly. Once the PC is secured (see
> below), an unauthorized user won't be able to get to the 400 through
> the PC unless they know the right PC passwords AND an AS/400 password
> (since re-booting the PC flushes the password cache).

Any financial betting here?

> Steps to follow to secure a PC:

Drive over it with a municipal bus...(Just kidding!)

> 1. There are quite a few shareware programs that password-secure a
> Win95 PC; get one & use it. THIS STEP IS CRITICAL, since the other
> steps only add to the security provided here.

Not familiar.

> 2. Assign a screen saver, then assign a password to it. Put a short
> (1 minute?) time into it.

Helps a "little" bit.

> 3. Put it in the StartUp folder so it executes when Windoze starts
> up (you'll have to add /S to the end of the line, like this:
> SSMARQUE.SCR /S)

> 4. In your CMOS setup, disable bootup from drive A:
> (so a hacker can't get into the PC w/ a bootable floppy).

This gets real exciting when you need to boot from a floppy thanks to a 
CONFIG.SYS problem or destroyed COMMAND.COM

> 5. Also in the CMOS, assign a password to the PC. Sometimes there
> are 2 passwords: one to change the CMOS settings, one to access the
> PC. If your PC has both, then use both.

Extremely simple to bypass, in more ways than one.

The ideas are helpful, certainly better than nothing.  Don't forget.  The 
design of a PC is not very secure.  Hopefully, the security level of the 
information on the PC is not high.

Certainly, no security officer passwords should be cached in this case.

Steve Glanstein
mic@aloha.com



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This is the Midrange System Mailing List!  To submit a new message,   *
* send your mail to "MIDRANGE-L@midrange.com".  To unsubscribe from     *
* this list send email to MAJORDOMO@midrange.com and specify            *
* 'unsubscribe MIDRANGE-L' in the body of your message.  Questions      *
* should be directed to the list owner / operator: david@midrange.com   *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.