OK, we have the HP3000 locked up in a room. We have the IP address invisible to
non-campus users. The modem line is switched 'off-line' except when we
specifically need it. Are we safe? Hardly.

The simplest form of attack to which we are vulnerable involves someone
internally eavesdropping on the connection between the CPU and a terminal. If
the terminal is serially connected, someone could just splice the line between
the terminal and CPU and connect to another terminal. This would allow snooping
of transmission in both directions. It wouldn't be long before at least one set
of passwords would be known. If the terminal is connected via NS, the bad guys
can use a packet sniffer to get the same displays.

We had a case here a few years ago in which an instructor bragged about the
security of a system and challenged anyone to break in. The next morning, a
student gave the instructor the password for 'root'. He just spliced into a
serial connection. (Don't EVER challenge them like this).

So . . . I'm wondering - - Has anyone out there done anything about this other
than ponder the situation and update his/her resume?

Thanks in Advance.

- Bob Feighner
- Director, Computer Services
- East Central University
- 159 Administration Building
- Ada, OK  74820
- [log in to unmask]
- phone:   405/332-8000 ext 256
- FAX:     405/436-4563