-----BEGIN PGP SIGNED MESSAGE-----

For the commercial firewalls I use the provided tool; for the other
machines I use a one-time password to get through the firewall to them. It
isn't perfect (data can be sniffed), but I take the position that if I am
doing my job correctly it wouldn't matter if my root passwords were
posted, no one could get to where they could use them.

This is a decision I made based on my perception of the relative risks
between:

1. someone goes to the effort of getting the passwords and then finds an
application bug that gets them on the machine where they can use them (in
which case they may be getting on as root anyway)

2. inside people using SSH to tunnel stuff through that I have no control
over because "it's only for me and it's not really a risk anyway"

David Lang



On Thu, 20 Apr 2000, Mark E. Drummond wrote:

> Date: Thu, 20 Apr 2000 15:38:06 -0400
> From: Mark E. Drummond <[EMAIL PROTECTED]>
> To: David Lang <[EMAIL PROTECTED]>
> Cc: Firewalls <[EMAIL PROTECTED]>
> Subject: Re: ssh defeats the firewall
> 
> David Lang wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > This is exactly the reason why I do not allow SSH through the firewalls I
> > manage.
> 
> So do you do remote management of your UNIX boxen? If so, what do you
> use?
> 
> -- 
> Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> UNIX System Administrator|Royal Military College of Canada
> The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> Saving the World ... One CPU at a Time
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

-----END PGP SIGNATURE-----
