SSH on the router - was( IT security people sleep well)

• Previous message (by thread): SSH on the router - was( IT security people sleep well)
• Next message (by thread): SSH on the router - was( IT security people sleep well)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On 07 June 2004 11:10 -0700 Randy Bush <randy at psg.com> wrote:

>> It makes more sense to funnel everything through secure gateways and
>> then use SSH as a second level of security to allow staff to connect
>> to the secure gateways from the Internet. Of course these secure
>> gateways are more than just security proxies; they can also contain
>> diagnostic tools, auditing functions, scripting capability,
>> etc.
>
> and all the other things single points of failure need.  like
> pixie dust, chicken entrails, ...

Where did the word "single" come from, given he had an "s" on gateways?
Replicate them across POPs. Having lots of routers accessible from a small
number of machines, which are (relatively) widely accessible but can be
firewalled to hell, seems a better option than having lots of routers
accessible from a large number of machines (esp. ones outside ones own
administrative domain, e.g. home machines). YMMV. [no I don't think
they need the other pixie dust stuff on though]

Alex

• Previous message (by thread): SSH on the router - was( IT security people sleep well)
• Next message (by thread): SSH on the router - was( IT security people sleep well)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]