[...] > > For example when doing remote administration of servers on some remote > network you should always use SSH, even if you also have a VPN to > connect your local workstation (and/or local network) to the remote > network. You should not trust everyone and everything on the remote > network between its gateway and the remote server(s) you're > administering. If you don't always use SSH any passwords you type to > them may be seen by a sniffer on the remote network. The same risks > apply to using any remote application where you don't want sensitive > data to be seen or interfered with as it traverses the remote network. Just a small note on this: you can use IPSec for remote administration of servers with the same degree of confidence you'd use SSH. I do understand and agree with Greg's concerns about trusting everything on the remote network, but you're thinking of IPSec only in terms of tunelling, where you have a couple of gateways (peers) doing encryption and decryption on behalf of other hosts. If you use IPSec in transport mode, you'll have end-to-end encryption between two hosts, which is equivalent to what you'd achieve with SSH. Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardosoat_private http://www.whatevernet.com/ _____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 08:20:35 PST