Dial-in mgetty line security
I have recently installed a Linux machine at a remote customer
site to serve as a masquerading firewall/router and various other
things such as SMTP/POP3 spool, DNS cache, etc. I installed two
modems, one for dial-out only to the local ISP and the other which
has a simple mgetty listening on it for remote admin. Since I may
need to dial in to this machine at unpredictable hours and from
unknown places, I can't really use callback verification or time
limitations to restrict dial-in access. What I have done is create
an /etc/mgetty/login.config file with only the following two lines:
adminname - - /bin/login @
* - - /bin/false
I have set a long and (hopefully) secure password on the
'adminname' account.
My questions are:
<> Is this adequate to protect from random dialers who might
stumble on the modem tone and try logging in to this machine?
<> Are there any other routine actions like this I should take
to protect modem lines like this used only for occasional remote
admin?
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
Reply to: