On 2014-02-18 11:36, Edward Ned Harvey (lopser) wrote:
The easiest and best thing to do for several reasons, is to make sure all your
laptops run whole disk encryption.
I don't disagree, but I see these two as kind of separate, encrypting the
drive will only close one door. The EC2 keys might be copied somewhere else
(backup, usb drive, scp to another machine etc...). I see the EC2 key pair the
same as an ssh private key (obtaining it gives access to an environment),
except that:
- you cannot password them
- you tend to use them for automation (scripts, ansible etc...), which means
that users tend to write them down in the bash profile or script config file
More and more smaller companies are office-less and use cloud resources,
meaning no corporate network, no firewall, and they must run in this
particular problem. What solutions do people use to reduce the exposure?
--
Yves.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
