Educause Security Discussion mailing list archives
Re: How to Protect Campus Sensitive Servers
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 4 Feb 2010 11:12:55 -0500
On Thu, 04 Feb 2010 09:27:13 EST, Pete Hickey said:
> On Thu, Feb 04, 2010 at 09:00:45AM -0500, schilling wrote:
> > We propose one central Information Technology Services (ITS) VPN profile which could have access to all the resources; all employees in ITS will have access to this VPN group. Then in all the servers, host-based user/group authentication/authorization will decide whether a user can login or what to do.
>
> Defense in depth, as they say. This is putting all your eggs in one basket, by only depending on the host. As time goes on and things grow, this type of thing does not scale well.
Note that the original poster indicated that they are already able to scale the "each server does the final authentication" part well enough. Even having one big VPN pool for several hundred people accessing several dozen servers is still one heck of an improvement over all the servers being exposed to the entire Internet so people can get to them. And at some point, you have to remember that security is trade-offs. Once you get to *one* VPN, do you really get *that* much additional protection from having several dozen VPNs, each with one server and a dozen users in it? Remember that if user A gets compromised, the attacker can access any server A has credentials for. But the attacker can't access servers that user B has access to without B's credentials. Of course, if the attacker gets B's credentials, it no longer matters if A and B are in one VPN or separate VPNs, because the attacker can use B's credentials to use B's VPN and access B's server. Compare and contrast to the chances that somebody in your NOC or security group will accidentally fat-finger a config and DoS one of the VPNs. At some point of complexity, your security model ends up in Pogo mode: "We have met the enemy and he is us".
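The trade-off argued above can be made concrete with a small model, added here as an example and not part of the thread. It uses a constructed environment (server names, users and host ACLs are made up) and compares the two layouts from the discussion: one ITS-wide VPN versus one VPN per server. For a set of compromised credentials it reports two things: the servers the attacker can reach at the network level (the pre-authentication surface that a per-server VPN shrinks) and the servers the attacker can actually log in to (which, as Valdis notes, depends only on which credentials were taken). It also counts the VPN groups an operator has to maintain, the "fat-finger" cost of the finer-grained layout.

```python
# Constructed sample environment (not from the thread).
HOST_ACL = {                       # host-based authorization per server
    "db1": {"alice", "bob"},
    "web1": {"alice", "carol"},
    "hr1": {"dave"},
    "backup1": {"bob", "dave"},
}
SERVERS = set(HOST_ACL)
USERS = {u for acl in HOST_ACL.values() for u in acl}

# Layout 1: one central ITS VPN profile; every ITS user reaches every server.
# Each layout maps a VPN group name to (members, servers reachable through it).
ONE_VPN = {"its": (USERS, SERVERS)}
# Layout 2: one VPN per server, membership mirroring that server's host ACL.
PER_SERVER_VPN = {s: (acl, {s}) for s, acl in HOST_ACL.items()}


def network_reachable(layout, user):
    """Servers the user can send packets to: the pre-auth attack surface."""
    return {s for members, servers in layout.values()
            if user in members for s in servers}


def login_reachable(layout, user):
    """Servers the user can actually log in to: network reach AND host ACL."""
    return {s for s in network_reachable(layout, user) if user in HOST_ACL[s]}


def blast_radius(layout, compromised):
    """Given a set of compromised users, return (network-exposed, login-able)."""
    net = set().union(*(network_reachable(layout, u) for u in compromised))
    login = set().union(*(login_reachable(layout, u) for u in compromised))
    return net, login


def config_surface(layout):
    """Number of VPN groups an operator must keep correct (mis-config risk)."""
    return len(layout)


if __name__ == "__main__":
    for name, layout in (("one VPN", ONE_VPN), ("per-server VPN", PER_SERVER_VPN)):
        net, login = blast_radius(layout, {"alice"})
        print(f"{name}: alice compromised -> network {sorted(net)}, "
              f"login {sorted(login)}, groups to maintain {config_surface(layout)}")
```

The login-able set is the same under both layouts, while the per-server layout cuts the network-exposed set at the price of four times as many VPN groups to keep correct.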