[nos-bbs] use of SSID & security

(Skip) K8RRA k8rra at ameritech.net
Wed Dec 13 11:40:04 EST 2006


QSL Jay - and CONV access tested successfully in W. Mich.
Based on my experience, this is new ground and I will proceed to include
all this in documentation.
If these topics already exist in documentation somewhere - may I have
links to them for inclusion?

Now you will note I expand this thread to include security.
My experience is that use of the -6 SSID to enable direct connect via
AX-25 thwarts password security.
I have not explored the other direct connect options, I will later...

I find some concern in this lack of identity check.
Granted, security is lax in most jnos installations, but integration
with Internet opens Pandora's box.
I'd like to hear from this community - is the risk worth making an issue
of it?

For my station, I believe I will not enable the feature until security
is a fully explored subject.
I'm satisfied that the doorway to the BBS is as secure as jnos is
capable.
I'm also satisfied the overhead of indirect connect (for BOTH man and
computer) is trivial.

On Wed, 2006-12-13 at 07:14 -0500, Jay Nugent wrote:

> Greetings Skip,

>>SNIP<<

> 
> 
> > Isn't it a misnomer to "connect to CONV bridge" since "connect" syntax
> > is intended for BBS-to-BBS interconnect via AX-25?
> 
>    No.  An AX25 "connect" can be to ANY service.  Whether that service be
> a BBS, a console, a teleprinter, a PBBS, a CONVerse bridge, a Node, or a
> database.  It's mearly a way of establishing a connection between two
> stations setting up a path that data may flow between them.

A question directed at Maiko and other developers:
If password security is deemed to be more important than offering the
shortcut connect feature to users,
then can you guess at the effort required to add a password challenge to
these "direct" access features?
Where would it fall in your list of interests/priorities?

I offer the following as insight into my personal interests - not for
detailed conversation at this time...

I am beginning to explore the issues of abuse via Internet access to
jnos, and the history leading to policies of disallowing open access to
email transport agents.  At this point I believe I have an incomplete
appreciation for the subject, however if I am at least close to the crux
of the matter it seems like tools exist to manage the risk while having
relatively open Internet links.  The approach I see involves use of
software like fetchmail, iptables, spamguard, and the like to manage the
traffic over the tun interface to Internet.  It also seems that offering
direct connect via -6 SSID without pwd validation as an example plays
into this scenario.

> 

>>SNIP<<

> 
>    Koolness!  And with JNOS there is always more than one way to skin a
> cat.  Personally I prefer method #49, to use a power sander... YOW!! ;-)

Kewl Jay - and yes jnos is multifaceted.
A sidelight question to you and MI-DRG:
How would you and DRG feel if I were to redirect my documentation effort
away from publishing a .pdf document and toward perhaps populating a
wiki with the material and opening it to further development using
wiki-like tools?  It seems to me the relationship between open access
and security is a worthy topic for development - specifically for jnos
sysops.

> 
>       --- Jay Nugent  WB8TKL
>           Chair, ARRL Michigan Section "Digital Radio Group" (DRG)
>           [www.MI-DRG.org]
> 



73
de [George (Skip) VerDuin] K8RRA k