On Mon, 9 Apr 2001, Thomas Duterme wrote:
> Date: Mon, 9 Apr 2001 10:11:54 +0800
> From: Thomas Duterme <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: RedHat List <[EMAIL PROTECTED]>
> Subject: ssh2 and telnet
>
> Just want some feedback from some of you security-minded
> folk on the list.
>
> We've got a setup of boxes which are running ssh2 on the
> public net (using keys w/ passphrases). No public IPs are
> allowed telnet access.
>
> We've also got a private net for the same servers with a
> dedicated line from the IDC to the company. Currently,
> telnet is enabled on that network. (mainly for ease and to
> eliminate the need for key distribution among all company
> machines)
>
> Question to the list: is there anything *wrong* with this
> picture? Can you criticize this setup from a
> security point of view? Specifically interested in hearing
> what people have to say about the private network telnet
> access. (note: the private names/IPs are not publicly
> available via DNS - i.e., using a split DNS atmosphere)
>
>
> TIA,
> -Thomas
>
It should be OK as far as I know, at least if you're only interested in
protecting from attacks from the outside world. That's the way we have it
at my workplace (a renowned Silicon Valley company), and it works just fine.
However, keep in mind that many attacks actually come from the inside.
Therefore, unless there is a really good reason to allow telnet access
inside the private network, I'd also remove that if at all possible.
--
------------------------------------------------------
Nitebirdz
------------------------------------------------------
http://www.linuxnovice.org
News, tips, articles, links...
*** http://www.mozilla.org ***
Fight the Microsoft.Net world domination strategy!