Re: Cisco PIX with SSH enabled on external port for maintenance

From: Alloishus BeauMains (all0i5hu5_at_gmail.com)
Date: 11/16/05

    Date: Wed, 16 Nov 2005 16:09:24 -0600
    To: John Maher <john.e.maher@gmail.com>
    
    

    You can tunnel everything through SSH as well as VPN. VPN just closes
    down local network access if specified. VPN can use group
    authentication, but this seems to be just like an authentication key
    much like the one that SSH has.

    If you use an authentication key (this is an encrypted, physically
    different file you have to load on your outside machines) and then an
    appropriate passphrase to go with it. SSH already encrypts the
    traffic, just like VPN.

    I am not sure how much VPN offers in addition to this, especially
    not for the money, since SSH (with SSHD) is completely free and can be
    loaded on any system.

    So, to me, it seems like you would be paying for, or supplying more
    equipment only to get the "disconnected from rest of LAN" portion of
    VPN.

    Anyhow, there is my take on it. You can make SSH as secure as you want
    it to be through those methods I mentioned.

    On 11/15/05, John Maher <john.e.maher@gmail.com> wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    >
    >
    > Chris Largret wrote:
    > > If you DO allow access to SSH to the outside world, there are a few
    > > things you can do to make it more secure:
    > >
    > > 1. Use a non-standard port
    > > 2. Use only the strongest algorithms that SSH supports
    > > 3. Change the passwords regularly
    > > 4. Allow only strong passwords
    > > 5. Limit which IP addresses can connect
    >
    > If feasible, I would recommend using public key authentication and
    > disabling password authentication.
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.1 (GNU/Linux)
    > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
    >
    > iD8DBQFDeknDuY7WcSII22oRAqCHAJ0cidbUKqRm4qUKzu/8buP/62haAgCcDJhf
    > H7mx4DzKwoJz01a/R6gVN+M=
    > =r+xe
    > -----END PGP SIGNATURE-----
    >
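The hardening points raised in this thread (non-standard port, strong algorithms only, key-based logins instead of passwords, limited source addresses) can be checked mechanically on a host running OpenSSH's sshd. The following is an added example, not part of the original messages and not PIX configuration; the sample configs, the finding names and the list of algorithm names treated as weak are assumptions made for illustration.

```python
import re
# Constructed sample configs (not from the thread).
WEAK = """\
Port 22
PasswordAuthentication yes
Ciphers aes256-ctr,3des-cbc
"""
HARDENED = """\
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
Ciphers aes256-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
AllowUsers admin@192.0.2.*
"""
WEAK_ALGO = re.compile(r"cbc|arcfour|3des|md5", re.I)  # assumption: this example's weak list

def parse_global(text):
    """Map lower-cased keywords to their values, up to the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    opts = parse_global(text)
    # sshd uses the first value it reads for a single-valued keyword
    first = lambda key, default: opts.get(key, [default])[0].lower()
    findings = []
    if "22" in opts.get("port", ["22"]):  # non-standard port; sshd defaults to 22
        findings.append("port-22")
    if first("passwordauthentication", "yes") != "no":  # passwords still accepted
        findings.append("password-auth")
    if first("pubkeyauthentication", "yes") == "no":
        findings.append("pubkey-disabled")
    for key in ("ciphers", "macs"):  # unset means build defaults, not judged here
        value = first(key, "")
        names = [] if value.startswith("-") else value.lstrip("+^").split(",")
        findings += ["weak-algo:" + n for n in names if WEAK_ALGO.search(n)]
    if not any("@" in v for v in opts.get("allowusers", [])):  # no user@host limit
        findings.append("no-source-limit")
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

A `no-source-limit` finding only means sshd itself does not restrict source addresses; the restriction may still be enforced at the firewall.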

