North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SSH on the router - was( IT security people sleep well)

  • From: Randy Bush
  • Date: Mon Jun 07 14:13:50 2004

> Once you open the router to SSH from arbitrary locations on
> the Internet

i don't think anyone (sane) was suggesting that.  but my
competitors are encouraged to do so.

> It makes more sense to funnel everything through secure gateways and
> then use SSH as a second level of security to allow staff to connect
> to the secure gateways from the Internet. Of course these secure
> gateways are more than just security proxies; they can also contain
> diagnostic tools, auditing functions, scripting capability,
> etc.

and all the other things single points of failure need.  like
pixie dust, chicken entrails, ...

randy