SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Faye Gibbins <[log in to unmask]>
Reply To: Faye Gibbins <[log in to unmask]>
Date: Thu, 2 Oct 2008 15:32:48 +0100
SSH tunnels are great; combined with iptables, two Linux hosts can
communicate over an encrypted private channel that only a specific uun
or group can use.

They do have terrible double exponential backoffs though. But it's good
enough for encrypted Oracle connections without the expense of extra
Oracle licences.

Brett Viren wrote:
> John Summerfield <[log in to unmask]> writes:
> 
>> Rather than run ssh on a non-standard port, my preference is to use
>> a VPN,
> 
> One negative with VPN w.r.t. using SSH tunnels is that VPN allows all
> network traffic from the remote system into your firewalled network.
> If the VPN client machine has picked up any malware, it gets to see
> all your internal network.  Instead, SSH tunnels take a default-deny
> approach.  At most, any malware can only access the specific ports of
> specific internal machines that are made available.
> 
> We have been trying to get users off VPN and embrace tunnels.  It
> takes more case-by-case effort to set up than a one-size-fits-all VPN,
> but once it is done the day to day use is easy.
> 
> Regards,
> -Brett.
> 


-- 

Please sign my petition:
http://petitions.number10.gov.uk/alcohol-buying/

---------------------------------------------------------
Faye Gibbins, Computing Officer (Infrastructure Services)
       GeoS KB; Linux, Unix, Security and Networks.
Beekeeper  - The Apiary Project, KB -   www.bees.ed.ac.uk
---------------------------------------------------------

   I grabbed at spannungsbogen before I knew I wanted it.

The University of Edinburgh is a charitable body,
registered in Scotland, with registration number SC005336.
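
The setup discussed in this thread, sketched as an added example that is not part of either poster's message: a single local port forward, iptables owner matching on the client so only one user or group can reach it, and an sshd_config block on the server limiting the tunnel account to one destination. The account `oratunnel`, user `oraapp`, host `dbhost` and port 1521 are constructed for illustration; the script only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) the policy for one restricted tunnel.
# Constructed names: account "oratunnel", user "oraapp", port 1521.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# owner_match user:NAME|group:NAME -> arguments for the iptables owner match
owner_match() {
    case "$1" in
        user:?*)  printf '%s\n' "--uid-owner ${1#user:}" ;;
        group:?*) printf '%s\n' "--gid-owner ${1#group:}" ;;
        *) return 1 ;;
    esac
}

# client_rules PORT SELECTOR
# Client host: only the named user or group may connect to the tunnel's
# loopback listener; every other local process gets a TCP reset.
client_rules() {
    valid_port "$1" || return 1
    match=$(owner_match "$2") || return 1
    echo "iptables -A OUTPUT -o lo -p tcp --dport $1 -m owner $match -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -p tcp --dport $1 -j REJECT --reject-with tcp-reset"
}

# server_policy ACCOUNT HOST PORT
# Server host: sshd_config block so the tunnel account can forward to one
# host:port only and gets no terminal.
server_policy() {
    valid_port "$3" || return 1
    printf 'Match User %s\n' "$1"
    printf '    AllowTcpForwarding local\n'
    printf '    PermitOpen %s:%s\n' "$2" "$3"
    printf '    X11Forwarding no\n'
    printf '    PermitTTY no\n'
}

# The tunnel itself, started on the client by the tunnel owner:
#   ssh -N -L 127.0.0.1:1521:127.0.0.1:1521 oratunnel@dbhost
client_rules 1521 user:oraapp
server_policy oratunnel 127.0.0.1 1521
```

`--gid-owner` matches the group ID of the process that opened the socket, so a group rule covers processes running with that group, not every account that merely lists it as a supplementary group.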
