On Mon, 9 Apr 2001, Thomas Duterme wrote:

> Just want some feedback from some of you security minded
> folk on the list.
>
> We've got a setup of boxes which are running ssh2 on the
> public net (using keys w/ passphrases).  No public IPs are
> allowed telnet access.
>
> We've also got a private net for the same servers with a
> dedicated line from the IDC to the company.  Currently,
> telnet is enabled on that network.  (mainly for ease and to
> eliminate the need for key distribution among all company
> machines)
>
> Question to the list: is there anything *wrong* with this
> picture?  Can you criticize this setup from a
> security point of view?  Specifically interested in hearing
> what people have to say about the private network telnet
> access.  (note: the private names/IPs are not publicly
> available via DNS - i.e. using a split DNS atmosphere)
>
>
> TIA,
> -Thomas
>
>
What you have to consider is how secure is your internal network?  What
happens if someone cracks your firewall?  Also, how physically secure is
your internal network?  Are there data closets that might be accessed by
cleaning or maintenance people?  How about outside contractors?  I work as
a construction electrician, and I have lost count of the places where I
have had access to the network.  I have even had times when we were
installing CAT-5 cabling where I had a laptop hooked into the network
monitoring traffic.  I have had many more times when I could have put a
laptop in the data closet sniffing passwords, and no one would have
known.  This is an area of system security that seems to get overlooked.

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
