Aleksandar Ivanisevic <[email protected]> writes:

> While you are assuming, why don't you also assume that, since he already
> has access to your network, why would the bad guy stop there? He has
> probably already broken into your machine and is sniffing your ssh key
> passphrase as we speak. Oh my.

I fear this. The difference, though, is that it's fairly easy (at least in my case) to set up your internal network as if it was an external network, in almost all situations. The situations where this isn't practical (for instance, my legacy console servers and rebooters, where they communicate with powerman and conserver) can be kept very small and very specific.

Finding an open, trusted smartcard, though, is quite difficult; look at the recent RSA breach. You can't trust the closed stuff; clearly they take shortcuts because nobody is going to see the code. And even if you do find a good smartcard implementation, if the client computer is compromised, even if you use a secure smartcard implementation to authenticate, it's easy enough for the client to compromise the (properly authenticated) channel. If you auth to root over that compromised channel? Game over.

But yeah. I like to avoid jelly donut security as much as practical. For me, the "trusted network" is something I can almost entirely get rid of. ssh keys and the fact that desktops are essentially trusted, right now, is still my soft and gooey center. It's a problem that needs to be solved, but it's a hard problem, while for me at least, 'trusted' networks are an easy problem.

I mean, security is always a sliding scale, full of tradeoffs.

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
