[71056] in North American Network Operators' Group
Re: SSH on the router - was( IT security people sleep well)
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jun 7 14:11:30 2004
From: Randy Bush <randy@psg.com>
Date: Mon, 7 Jun 2004 11:10:16 -0700
To: Michael.Dillon@radianz.com
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
> Once you open the router to SSH from arbitrary locations on
> the Internet
i don't think anyone (sane) was suggesting that. but my
competitors are encouraged to do so.
> It makes more sense to funnel everything through secure gateways and
> then use SSH as a second level of security to allow staff to connect
> to the secure gateways from the Internet. Of course these secure
> gateways are more than just security proxies; they can also contain
> diagnostic tools, auditing functions, scripting capability,
> etc.
and all the other things single points of failure need. like
pixie dust, chicken entrails, ...
randy
