nanog mailing list archives
Re: SSH on the router - was( IT security people sleep well)
From: Alex Bligh <alex () alex org uk>
Date: Mon, 07 Jun 2004 22:12:36 +0100
--On 07 June 2004 11:10 -0700 Randy Bush <randy () psg com> wrote:
It makes more sense to funnel everything through secure gateways and then use SSH as a second level of security to allow staff to connect to the secure gateways from the Internet. Of course these secure gateways are more than just security proxies; they can also contain diagnostic tools, auditing functions, scripting capability, etc.and all the other things single points of failure need. like pixie dust, chicken entrails, ...
Where did the word "single" come from, given he had an "s" on gateways? Replicate them across POPs. Having lots of routers accessible from a small number of machines, which are (relatively) widely accessible but can be firewalled to hell, seems a better option than having lots of routers accessible from a large number of machines (esp. ones outside ones own administrative domain, e.g. home machines). YMMV. [no I don't think they need the other pixie dust stuff on though] Alex
Current thread:
- Re: IT security people sleep well, (continued)
- Re: IT security people sleep well Paul Jakma (Jun 06)
- SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Rubens Kuhl Jr. (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henry Linneweh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henning Brauer (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Edward B. Dreger (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Alexei Roudnev (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Valdis . Kletnieks (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: IT security people sleep well Daniel Senie (Jun 06)
- Re: IT security people sleep well Priscilla Oppenheimer (Jun 07)
- Re: IT security people sleep well Stephen Sprunk (Jun 07)
- Re: IT security people sleep well Robert Boyle (Jun 06)
- Re: IT security people sleep well Henning Brauer (Jun 07)