Penetration Testing mailing list archives
Re: [PEN-TEST] NIS. An Alternative.
From: Max Vision <vision () WHITEHATS COM>
Date: Mon, 21 Aug 2000 19:19:00 -0700
You probably shouldn't make your infrastructure decisions based on security problems in particular implementations. Security holes are found in most software - so unless there are fundamental design flaws you might consider newer versions, versus ruling out the entire protocol. Sun may have NIS/NIS+ working perfectly now, I haven't looked. IMHO, configuration plays the largest role in proper directory services security. Another good option is LDAP, which seems to be gaining popularity recently. Solaris 8 also supports Native LDAP (nsswitch.ldap template). http://www.openldap.org/ Several LDAP implementations have had serious security flaws as well, although I don't think this should be a factor in choosing a protocol for your directory services needs: Microsoft Exchange 5.5 (LDAP buffer overflow, found by ISS) Checkpoint Firewall-1 4.0 sp4 (LDAP ACLs didn't work, found by Olaf) Netscape Professional Servies (LDAP ACL's again, found by lcamtuf) and numerous localhost holes... I suppose my point is that even another good directory service (LDAP) has a history of problems, and that although security is critical, perhaps protocol infrastructure/design should be a more important consideration in your selection. Once you pick the right tool for the job, you can go about securing it. :) Max Vision http://whitehats.com On Mon, 21 Aug 2000, Jason Spencer wrote:
Due to the security implications created through using NIS (Network Information Services) could anyone recommend any alternatives ? Thanks
Current thread:
- [PEN-TEST] NIS. An Alternative. Jason Spencer (Aug 21)
- Re: [PEN-TEST] NIS. An Alternative. Max Vision (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Iván Arce (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Adam Prato (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Jose Nazario (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Massimo Fubini (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Ryan Permeh (Aug 22)
- Re: [PEN-TEST] NIS. An Alternative. Domenico De Vitto (Aug 24)
- Re: [PEN-TEST] NIS. An Alternative. Peter Van Epp (Aug 24)
- Re: [PEN-TEST] NIS. An Alternative. Max Vision (Aug 22)