Show Table of Contents
18.104.22.168. Use a Password-like NIS Domain Name and Hostname
Any machine within a NIS domain can use commands to extract information from the server without authentication, as long as the user knows the NIS server's DNS hostname and NIS domain name.
For instance, if someone either connects a laptop computer into the network or breaks into the network from outside (and manages to spoof an internal IP address), the following command reveals the
If this attacker is a root user, they can obtain the
/etc/shadowfile by typing the following command:
If Kerberos is used, the
/etc/shadowfile is not stored within a NIS map.
To make access to NIS maps harder for an attacker, create a random string for the DNS hostname, such as
o7hfawtgmhwg.domain.com. Similarly, create a different randomized NIS domain name. This makes it much more difficult for an attacker to access the NIS server.