[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bootstrapping
|
From: |
Adrian Phillips |
|
Subject: |
Re: Bootstrapping |
|
Date: |
Thu, 19 Feb 2004 08:03:58 +0100 |
|
User-agent: |
Gnus/5.090016 (Oort Gnus v0.16) Emacs/21.2 (gnu/linux) |
>>>>> "Eric" == Eric Sorenson <eric@explosive.net> writes:
[ Removing Ccs - presumably everyone reads the list ?]
Eric> Given the caveats -- internal-only hosts, defense in depth
Eric> with filters and firewalls -- my point is you don't lose
Eric> much real world security by making
Eric> TrustKeysFrom/DynamicAddresses promiscuous.
Um, do you disallow people ssh'ing to the outside world and, for
example, setting up tunnels to their internal machines ? I'm in no way
a security expert but I was under the impression that the majority of
security breaches are due to internal issues not attacks directly
through the firewall.
What this actually means in real terms I'm not sure - splitting the
network into seperate segments depending upon use, e.g production,
windows, and so on. If a machine that has a cfengine key is
compromised what does it mean for cfengine and the rest of the
network. Its highly unlikely that the cfengine server itself could be
compromised through the cfservd/cfagent connection so is this an
argument for using them or not using them.
Perhaps its too early in the morning for me :-)
Sincerely,
Adrian Phillips
--
Who really wrote the works of William Shakespeare ?
http://www.pbs.org/wgbh/pages/frontline/shakespeare/
Re: Bootstrapping, Mark . Burgess, 2004/02/18
Re: Bootstrapping, Luke A. Kanies, 2004/02/18
Re: Bootstrapping, John Sechrest, 2004/02/18
Re: Bootstrapping, Chip Seraphine, 2004/02/19
Re: Bootstrapping, Luke A. Kanies, 2004/02/19
Re: Bootstrapping, John Sechrest, 2004/02/19
Re: Bootstrapping, Luke A. Kanies, 2004/02/19
Re: Bootstrapping, John Sechrest, 2004/02/19
Re: Bootstrapping <= LDAP and authority, Chip Seraphine, 2004/02/19
Re: Bootstrapping, Mark . Burgess, 2004/02/19
Re: Bootstrapping, Luke A. Kanies, 2004/02/19