RE: RMTCMD's security?

Interesting idea Gary. So what you are saying is that let's say you have
SystemX, SystemY, SystemZ. And your concern is that a user on SystemX can
get to SystemY and use that to initiate nasties on SystemZ. Others, like
Scott and I, are arguing that you should be hardening SystemZ to stop
attacks on it. Maybe your concern is that perhaps SystemZ was hardened.
Perhaps they have a strong exit point on it to only accept remote commands
from the IP address associated with SystemY. Your argument is that you
should then secure SystemY's use of remote commands so that they aren't
used to leap frog into SystemZ. Am I right so far? Do I get credit for
trying to understand your angle? I suppose one could go on that the full
litany of commands that could be executed from there should be secured.
Including, but not limited to: TELNET, FTP and a host of api's and pase
and qsHell applications available to attack SystemZ from SystemY. Then
there's the defense in depth strategy. Not only do you secure access
using certain techniques to SystemZ from only being initiated from
SystemY, but you also secure them to only being allowed from certain
individuals. For example user SAM can only run a remote command from
SystemY.

I think Chuck was referring to the "full litany".

gotta go.


Rob Berendt