On Tue, May 03, 2011, Mark Moellering wrote:
> Everyone,
> I am looking into setting up a webserver to hold some very sensitive
> information. I am trying to figure out which is more secure, forcing
> any web connections to be done using an ssh tunnel or forcing ssl.
> I have not been able to figure out if one is definitively much more
> secure than another or if they are close to the same. I would have
> initially thought the ssh tunnel was more secure but knowing that ssl
> can use AES-256, I am now wondering if that isn't adding a complexity
> for little extra security.

Our solution for critical services like this is to run the service only on a
private LAN segment which is available from the outside world only through
an OpenVPN connection.

The OpenVPN connection requires unique keys for each client which are easily
revoked if a laptop is lost or stolen or on employee termination. It also
isolates the web service from other external attacks via insecure PHP
scripts and such.

Bill
--
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

If the personal freedoms guaranteed by the Constitution inhibit the
government's ability to govern the people, we should look to limit those
guarantees.
    -- President Bill Clinton, August 12, 1993
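
An added example, not part of the original message and not the poster's actual configuration: a sketch of an OpenVPN server config for the setup the reply describes, with one certificate per client and a certificate revocation list so a single lost laptop can be cut off. All paths, addresses and file names are assumed placeholders.

```conf
# Constructed example: OpenVPN server in front of a private LAN segment.
# Paths and subnets below are placeholders, not values from the thread.
port 1194
proto udp
dev tun

# PKI: one CA, one server certificate, and a separate certificate
# issued to each client (no shared client key, no duplicate-cn).
ca   /usr/local/etc/openvpn/ca.crt
cert /usr/local/etc/openvpn/server.crt
key  /usr/local/etc/openvpn/server.key
dh   /usr/local/etc/openvpn/dh.pem

# Refuse any client whose certificate appears in the CRL. Revoking one
# client's certificate and regenerating this file locks out that client
# only; every other client keeps working with its own key.
crl-verify /usr/local/etc/openvpn/crl.pem

# Only accept peers that present a client-type certificate.
remote-cert-tls client

# VPN address pool, plus a route to the private segment where the
# sensitive web server listens (placeholder subnet).
server 10.8.0.0 255.255.255.0
push "route 192.168.50.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun

# Drop privileges after start-up.
user nobody
group nobody
```

OpenVPN re-reads the `crl-verify` file on each new connection, so the file must stay readable by the unprivileged user the daemon drops to. The web server itself should bind only to its address on the private segment so it is unreachable without the tunnel.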