Jean-Francois Theroux wrote:
> I'm with Jeremy here. All the production systems I manage run SSH on a
> weird port that's usually not scanned by script kiddies tools. That
> removes a lot of jitter from our logs. On the other hand, there's not
> that many machines that are accessible from the net by SSH.
>
> The corporate security policy states on the other hand that remote
> connections are only allowed over VPN. And that's the case for most
> organizations out there. I would think it's kinda historical, as in
> the telnet days, DES encryption was much better ;)
>
> The only reason I'd see people use VPN + SSH is to use 2 different
> encryption schemes, to make it twice as hard to get hacked. Having
> worked in financial institutions in the past, I can assure you that's
> common practice. They even bring up VPN tunnels on top of their LAN
> extensions, because they cannot assume their carrier won't snoop on
> their traffic.

I think VPN is only covered in "Server user access security 201" with Prof. Bakhos (that guy is tough!), and 101 is a prereq (Prof. Jimmy is a pushover, just buy him a beer).

Jeremy
_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
