Educause Security Discussion mailing list archives
Re: How do you all handle SSH access to campus resources?
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Wed, 4 May 2005 12:05:04 -0400
Michael Horne wrote:
> First time poster here looking for some info on how Universities and others handle SSH access to their campus and how restrictively it is configured.
For most common services (including SSH) we only allow outside internet incoming to our "registered" servers as a first line of defense. These services are blocked to everything else. Next, specific subnets may selectively permit or deny services (again splitting hairs between default permit and default deny) and what sources are involved. Finally, we use host-based firewall/iptables/etc rules where access needs are not met by the previous provisions, or for the paranoid, in case the previous measures are compromised.
> Currently we have a single SSH gateway on a DMZ.
We don't use a gateway, but rather a VPN for internal staff. Still looking at a more generalized solution for encryption for more general applications (SSL/VPN/something) to satisfy audit requirements.
> We have, as you all have, been spam'd by the number of brute force attempts into our systems.
Our external-facing mail servers only accept mail for local delivery. Our mail delivery servers only accept mail from campus.
> I.e... Anyone have any luck with blocking APNIC ranges for home cable modem users, which seem to be a large source of the brute force attempts?
Haven't visited that idea yet.

Jeff Kell
System/Network Security
University of Tennessee at Chattanooga

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
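The three layers described in the reply above (border filter to "registered" servers, per-subnet permit/deny, host-based rules) can be modeled as a small decision function; this is an added example, not part of the original post. All addresses, rule names and the policy tables are constructed, using documentation address ranges, and the campus is assumed to be 192.0.2.0/24.

```python
import ipaddress

# Constructed sample policy (assumed values, not from the post).
CAMPUS = ipaddress.ip_network("192.0.2.0/24")
REGISTERED_SSH_SERVERS = {"192.0.2.10", "192.0.2.20"}      # layer 1: border
SUBNET_RULES = {                                            # layer 2: per subnet
    "192.0.2.0/28":  {"default": "deny",   "permit": ["198.51.100.0/24"]},
    "192.0.2.16/28": {"default": "permit", "deny":   ["203.0.113.0/24"]},
}
HOST_RULES = {"192.0.2.20": ["198.51.100.7/32"]}            # layer 3: host firewall


def _in_any(addr, cidrs):
    """True if addr falls inside any of the listed networks."""
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def evaluate_ssh(src, dst):
    """Return (allowed, deciding_layer) for an inbound SSH connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    # Layer 1: outside sources may only reach registered servers.
    if s not in CAMPUS and str(d) not in REGISTERED_SSH_SERVERS:
        return False, "border"

    # Layer 2: subnet ACL, either default-deny with permits
    # or default-permit with denies.
    for cidr, rule in SUBNET_RULES.items():
        if d in ipaddress.ip_network(cidr):
            if rule["default"] == "deny" and not _in_any(s, rule.get("permit", [])):
                return False, "subnet"
            if rule["default"] == "permit" and _in_any(s, rule.get("deny", [])):
                return False, "subnet"

    # Layer 3: host rules, where present, apply to every source,
    # so they still hold if an outer layer is bypassed.
    allowed = HOST_RULES.get(str(d))
    if allowed is not None and not _in_any(s, allowed):
        return False, "host"
    return True, "all layers passed"
```

The last case in the model, an on-campus source stopped only by the host rule, is the "in case the previous measures are compromised" situation the reply mentions.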