Re: vpn vs ssh

From: Marc A. Donges (filter.marc.usenet-200212_at_defiant.hadiko.de)
Date: 05/01/03


Date: Thu, 1 May 2003 14:31:54 +0200

Richard wrote:
> I have a firewall with servers behind it. Currently, the only way to
> access the servers is via a VPN. A programmer has requested ssh
> access thru a firewall NAT to the servers. Historically, I don't do
> this. The programmer's argument is if I allow a VPN connection, then why
> don't I allow an ssh connection. He argues that the VPN is just as
> hackable as the ssh.

That depends on the type of security you desire. With SSH alone you have
message secrecy and message authenticity, so it is "secure". But by
allowing connections from anywhere to the ssh daemon you are exposing
another piece of software to the outside world, which could be abused if
an exploit is found in that software.

> Thoughts? Do you guys allow ssh thru the front of your walls?

Yes.

Marc

-- 
  _ _    Marc A. Donges                      +49 721 6904-2130
  'v'    Klosterweg 28 / E110
 /   \   76131 Karlsruhe          PGP-Key(RSA): 1024R/429D9719
  W W                      http://www.hadiko.de/~marc/marc.asc