Date: Thu, 25 Mar 1999 16:32:52 -0500 (EST)
From: David Gilbert <dgilbert@velocet.ca>
To: Mike Thompson <miket@dnai.com>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Kerberos vs SSH
Message-ID: <14074.43908.398273.970148@trooper.velocet.ca>
In-Reply-To: <4.1.19990325120933.00ad08d0@mail.dnai.com>
References: <Pine.GSO.4.10.9903251409300.17330-100000@primrose.isrc.qut.edu.au> <4.1.19990325021717.0097e980@mail.dnai.com> <4.1.19990325120933.00ad08d0@mail.dnai.com>
>>>>> "Mike" == Mike Thompson <miket@dnai.com> writes:

Mike> The only way that I can see to make this even more secure would
Mike> be to run two NICs on each server so secured IP packets are
Mike> never co-mingled with Internet IP packets, even behind a router.
Mike> However, this is something that we would not like to do because
Mike> it doubles the cost of our network hardware and increases
Mike> complexity. The cost per server (both hardware and software) is
Mike> a critical factor in whether our business succeeds.

I don't believe that this is "more secure". It is simply "less dependent" on the "correctness" of ipfw (in essence creating a hardware separation in lieu of a software one).

The big hole in your design is that access to one machine implies access to all machines. Once someone gains access (through whatever means) to one machine, they can roam around freely amongst many machines.

To prevent this, you would want to pass authenticated (not necessarily encrypted) commands back and forth between the servers such that any one server could only invoke a certain narrow number of commands on another. You could do this with ssl web servers, for instance.

I suppose, from a security standpoint, I'm saying that you're breaking the "least privilege" principle. Obviously, one server doesn't/shouldn't need to be a complete bona fide user on another server.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.  | Two things can only be        |
|Mail:  dgilbert@velocet.net             | equal if and only if they     |
|http://www.velocet.net/~dgilbert        | are precisely opposite.       |
=========================================================GLO================
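The narrow, authenticated command channel Dave describes, as an added example that is not part of the original thread: each peer server holds a shared secret and an allowlist of the few commands it may invoke, and the receiving side verifies the signature, the freshness and the allowlist before running anything. Peer names, keys, command names and the HMAC-over-shared-key scheme (standing in for the SSL web servers the post mentions) are all constructed for this illustration.

```python
import hmac, hashlib, json, time

# Constructed example data: per-peer shared secrets and per-peer command allowlists.
# A peer that is compromised can only reach the commands listed for it, not a full
# login on the other host (the least-privilege point made in the reply above).
PEER_KEYS = {"web1": b"web1-secret-constructed", "backup1": b"backup1-secret-constructed"}
ALLOWED = {"web1": {"status", "rotate_logs"}, "backup1": {"status", "snapshot"}}
COMMANDS = {
    "status": lambda: "ok",
    "rotate_logs": lambda: "logs rotated",
    "snapshot": lambda: "snapshot taken",
    "shell": lambda: "FULL SHELL",  # exists on the host but is granted to no peer
}

def sign_request(peer, command, key, ts=None):
    """Client side: canonical JSON body plus HMAC-SHA256 over it (integrity, not secrecy)."""
    ts = int(time.time()) if ts is None else ts
    body = json.dumps({"peer": peer, "command": command, "ts": ts}, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, mac

def handle_request(body, mac, now=None, max_skew=30):
    """Server side: verify signature, reject stale requests, enforce the per-peer allowlist."""
    try:
        req = json.loads(body)
        peer, command, ts = req["peer"], req["command"], req["ts"]
    except (ValueError, KeyError, TypeError):
        return (False, "malformed")
    key = PEER_KEYS.get(peer)
    if key is None:
        return (False, "unknown peer")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return (False, "bad signature")
    now = int(time.time()) if now is None else now
    if not isinstance(ts, int) or abs(now - ts) > max_skew:
        return (False, "stale request")
    if command not in ALLOWED.get(peer, set()):  # authenticated peer, but not authorised
        return (False, "command not permitted for peer")
    return (True, COMMANDS[command]())

if __name__ == "__main__":
    body, mac = sign_request("web1", "rotate_logs", PEER_KEYS["web1"])
    print(handle_request(body, mac))
    body, mac = sign_request("web1", "shell", PEER_KEYS["web1"])
    print(handle_request(body, mac))
```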