SSH on the router - was( IT security people sleep well)
Randy Bush
randy at psg.com
Mon Jun 7 18:10:16 UTC 2004
> Once you open the router to SSH from arbitrary locations on
> the Internet
i don't think anyone (sane) was suggesting that. but my
competitors are encouraged to do so.
> It makes more sense to funnel everything through secure gateways and
> then use SSH as a second level of security to allow staff to connect
> to the secure gateways from the Internet. Of course these secure
> gateways are more than just security proxies; they can also contain
> diagnostic tools, auditing functions, scripting capability,
> etc.
and all the other things single points of failure need. like
pixie dust, chicken entrails, ...
randy
More information about the NANOG
mailing list