SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Brett Viren <[log in to unmask]>
Reply To: Brett Viren <[log in to unmask]>
Date: Thu, 2 Oct 2008 10:21:32 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (19 lines)

John Summerfield <[log in to unmask]> writes:

> Rather than run ssh on a non-standard port, my preference is to use
> a VPN,

One negative with VPN w.r.t. using SSH tunnels is that VPN allows all
network traffic from the remote system into your firewalled network.
If the VPN client machine has picked up any malware, it gets to see
all your internal network.  Instead, SSH tunnels take a default-deny
approach.  At most, any malware can only access the specific ports of
specific internal machines that are made available.

We have been trying to get users off VPN and embrace tunnels.  It
takes more case-by-case effort to set up than a one size fits all VPN,
but once it is done the day to day use is easy.

Regards,
-Brett.
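
The default-deny property described in the message above depends on the gateway's sshd limiting forward destinations: OpenSSH's defaults are `AllowTcpForwarding yes` and `PermitOpen any`. As an added example (not part of the original post), this Python script reads an sshd_config and reports which destinations each scope can tunnel to; the sample config and its host, group and user names are constructed.

```python
"""Audit which destinations an sshd_config lets tunnel users reach."""

# Constructed sample; host, group and user names are hypothetical.
SAMPLE_SSHD_CONFIG = """\
AllowTcpForwarding no
Match Group tunnel-users
    AllowTcpForwarding local
    PermitOpen db1.internal.example:5432 wiki.internal.example:443
Match User legacy
    AllowTcpForwarding yes
"""

# OpenSSH defaults when a keyword is absent: forwarding on, any destination.
DEFAULTS = {"allowtcpforwarding": ["yes"], "permitopen": ["any"]}


def parse_blocks(text):
    """Return [(scope, {keyword: [args]})] with the global section first."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append((args.strip(), {}))
        else:
            # Within a section sshd keeps the first value given for a keyword.
            blocks[-1][1].setdefault(keyword, args.lower().split())
    return blocks


def forwarding_policy(text):
    """Map each scope to the destinations its local/dynamic forwards can open."""
    blocks = parse_blocks(text)
    base = {**DEFAULTS, **blocks[0][1]}
    policy = {}
    for scope, opts in blocks:
        eff = {**base, **opts}  # Match keywords override the global section
        if eff["allowtcpforwarding"][0] not in ("yes", "all", "local"):
            policy[scope] = set()  # no client-to-network forwarding at all
        elif "any" in eff["permitopen"]:
            policy[scope] = {"*"}  # VPN-like reach through the gateway
        else:
            policy[scope] = set(eff["permitopen"]) - {"none"}
    return policy


def unrestricted_scopes(text):
    """Scopes whose tunnels are not limited to named host:port pairs."""
    return sorted(s for s, d in forwarding_policy(text).items() if "*" in d)
```

In the sample, only the `tunnel-users` group gets the per-host, per-port access the message describes; the `legacy` user inherits `PermitOpen any` and is flagged.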
