On 05/05/2011 03:46 PM, Mark McCullough wrote: > > On 2011 May 05, at 07:36, Aleksandar Ivanisevic wrote: > >> >> On 05/05/2011 02:31 PM, Nick Anderson wrote: >>> >>> I use rsync over ssh probably 95% of the time, 4% of the time rsync just >>> over local disk, and 1% of the time with the rsync protocol. >> >> You are not using it inside secure networks or you just think that the >> overhead of ssh is not worth setting up a rsyncd? > > No such thing as a secure network. Unless you are dealing with a physically > isolated network (and probably not even then), always assume the bad guy has > access to your network. This is one of the basic security lessons I'm having > to reteach over and over. "But we have a firewall" is not an excuse for > lessening your security one bit.
While you are assuming, why don't you also assume that, since he already has access to your network, why whould the bad guy stop there? He has probably already broken into your machine and is sniffing your ssh key passphrase as we speak. Oh my. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
