> > > I'd just like to reiterate that most of those don't need any extra
> > > security. SSH and HTTPS are already secure, and IMAP and SMTP can be
> > > accessed over SSL (like HTTPS). These are all secure enough to be
> > > widely used without extra layers of encryption.
> > >
> > I'm surprised, but glad to hear this. I was under the impression that
> > opening services like SSH and CUPS to the internet was a bad idea. I
> > guess they're secure enough. That removes #2 and #3 from my 4-part
> > list above.
> >
> > If I can print with CUPS via SSL and submit SMTP mail via alternate
> > port 587, I won't need a VPN or tunnel.
> >
> > Thanks a lot for everyone's help. I'm going to start a new thread for
> > those topics.
> >
> What wasn't mentioned is that SSL covers transport encryption, not
> necessarily application security. What that means is if you open IMAP,
> SMTP, CUPS, and SSH daemons over the internet then you also need to keep
> (better) track of security vulnerabilities found in those applications,
> and fix them as needed. SSL alone won't help you there. Whereas if
> you're only running, say OpenVPN over the Internet then that's the only
> application you gotta look out for.
>
> Also, doing things such as running IMAP over SSL using accounts with
> weak passwords doesn't gain you much either.

Good points, Albert. Is a daily 'emerge --sync && emerge -avDuN world'
generally enough as far as tracking security vulnerabilities?

- Grant
-- 
gentoo-user@lists.gentoo.org mailing list