India''s sole public Internet access provider, VSNL, has
begun tightening security on its Gateway Internet Access Services (GIAS) servers across
the country.
As we go to print, the Mumbai and Delhi nodes have
experienced the changeover which, though an effective security measure, also renders the
shell accounts of VSNL largely useless.
FTP A Security Risk?
VSNL users who used to operate by having their counterparts
abroad (or even within the country) FTP into their accounts to send or receive files (a
very common and effective way of doing things) are in for a brutal shock--VSNL has
terminated inward FTP access. FTP can now only be initiated from within the VSNL server.
Even worse, VSNL has terminated useful services such as
rlogin (which allowed a faster login into the server from outside of VSNL) and finger
(which allowed people to obtain information about a user–such as last login
date/time, contents of the .plan file, used by users to provide more information about
themselves) etc.
And Finger, Too?
While the removal of a "Wild Card Finger" (a
finger command without user-parameters which would give the list of people logged into the
server) is justifiable, the removal of the ability to finger specific accounts is not. The
biggest losers are the TCP/IP account users, who used the .plan file to advertise their
current IP address. Also, users who used to add the line "finger xxxx@giasdl01... for
more information about me" are now out in the cold.
VSNL is now finally giving users a restricted "shell
prompt". But this one is eyewash--there is even less you can do with this shell
prompt than you could with the fixed menu structure.
For example, the Kermit command, which was the Swiss army
knife for VSNL users for file management, a cleaner telnet, etc, has now been stunted and
mutilated down to a simple file transfer package without any extra functionality.
Users who were praying for the shell prompt so that they
could use SLIP emulators like SLiRP or SlipKnot are in for disappointment–neither
package can be used. This is because all commands executable by a user at the shell prompt
are stored in the directory /usr/rbin--you cannot execute any programs stored in your own
directory. In fact, you cannot even change directories. If you had created a minor
directory hierarchy of your own under your own home directory on VSNL and had stored files
there, you are in trouble–getting at these files is now more cumbersome.
Mumbai VSNL shell account users, who are also under these
restrictions, retain access to the old Kermit program, and also have other options not
available at Delhi–IRC (Internet Relay Chat), gopher, etc.
By the time you read this, these restrictions could well be
in place at other VSNL sites.
One jarring bit is that the Zmodem commands (rz and sz)
used at Mumbai and Delhi are modified, and also contain a free advertisement for a user.
The code has been hacked, additional lines added, and redistributed–a copyright
violation endorsed by VSNL, and highly unethical.
The background to the security scare is the repeated
intrusions by "crackers" who used other people’s accounts, especially those
that had extremely simple passwords, which could be easily guessed by specialized
programs.
For instance, suppose NIIT Ltd took an account with the
login "niit" and used the password "NIITLTD"--this would be one of the
first to be guessed by a cracker program. VSNL directors Amitabh Kumar and R K Gupta were
reportedly two favorite targets: some rumors claim that their passwords were simply
Amitabh and rkgupta (which were also their logins)...
Better Access
Like Mumbai, Delhi users have been now experiencing quick
dial-up access each time, thanks to additional lines. And higher-speed backbones direct to
the Internet have helped speed up things considerably. There are still complaints from
other cities, but things are getting better.
Guest Accounts
One thing that few people know about is that all VSNL sites
have a special account (login "guest", password “GUEST”) that allows
people who are travelling to connect to their home server to access their accounts there.
For example, if you have an account at Delhi, and travel to Bangalore, log into the
Bangalore server with the above mentioned login name and password. You will be shown a
menu which allows you to connect to any of the other servers. This is a useful thing, and
VSNL should give more publicity to this.