Date: Mon, 5 Nov 2001 11:26:36 +0100
From: "Anthony Atkielski" <anthony@atkielski.com>
To: "Ben Eisenbraun" <bene@klatsch.org>, <questions@FreeBSD.ORG>
Subject: Re: Lockdown of FreeBSD machine directly on Net
Message-ID: <00a601c165e4$5b018660$0a00000a@atkielski.com>
References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com> <20011102055416.B67495@klatsch.org> <8s668sdck9.68s@localhost.localdomain> <20011105043613.A90073@klatsch.org>

Ben writes:

> As a general rule, I try to trust as little as
> possible. How long will it be before some bright
> hacker discovers the next flaw in the ssh protocol
> implementation?

Discovering a flaw and using it are two different things. Beyond a certain point, it becomes more practical to simply try to get the password by human means (tricking or bribing an admin, etc.) than by technical means. I daresay that a lot more passwords are discovered by glancing at Post-Its in the machine room than by any technical compromise of any reasonably secure login technique (such as any version of SSH).

Once you start encrypting things with any kind of real encryption, all attacks tend to become harder by many orders of magnitude--so much so that I'd say that they just are no longer practical compared to other, out-of-band attacks, such as the human attacks described above. Additionally, very, very few systems contain such valuable information that they would justify any kind of technical attack against encrypted protocols.

> Any time you're transmitting sensitive data over
> a network, you're opening yourself up to attack.

Encryption greatly reduces the feasibility of attack; good encryption and a well-designed protocol can reduce it so dramatically that it just isn't cost-effective to attempt the attack. And once you get to that point, any additional security is a waste of resources.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message