David Lang wrote:
>
> 1. someone goes to the efort of getting the passwords and then finds an
> application bug that gets them on the machine where they can use them (in
> which case they may be getting on as root anyway)
>
> 2. inside people useing SSH to tunnel stuff through that I have no control
> over becouse "it's only for me and it's not really a risk anyway"
Interesting. I was considering simply limiting ssh traffic to and from
defined administrative workstations on either side. But of course that
denies my end-users the same protection.
What if a user was to bring up an ssh daemon on a port that was allowed
through your firewall?
--
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
