[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote login



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Chris" == Chris Travers <..hidden..> writes:
    >> As far as I'm concerned, SSH tunnels (from windows, using
    >> passwords), SSL (HTTPS), IPsec (using PSK), and OpenVPN (often
    >> using PSK) are all pretty much equivalent in security.  HTTPS is
    >> the simplest to support.

    Chris> Properly configured, I would generally agree with this.  The
    Chris> only thing I would add is that I would only put HTTPS in that
    Chris> category for access to LedgerSMB if client-side certificates
    Chris> are verified.  HTTPS otherwise is nothing more than an
    Chris> anti-eavesdropping measure and fails to provide the
    Chris> additional level of protection that requiring a pre-shared
    Chris> key in the other options provides.

I disagree.

If you are using passwords with SSH, IPsec (PSK), or OpenVPN, then it is
equivalent to HTTPS using passwords.  Sure there are some minor
differences in terms of resistance to SYN attacks, and stuff like that,
but I think that is minor.

What I'm implying is that if you are not using client-side
certificates/RSA-keys for your SSH, IPsec or OpenVPN security (on top of
your port-80 ledgersmb), then it's not really very secure at all.  You
might as well stick with HTTPS using passwords. 

- -- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] ..hidden.. http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBS7ANhYCLcPvd0N1lAQLn1wf6A82N4NW8oZu9CXn7sQB05TmskoE1Z4hO
EzMUSFZtQU9d/lAVCN9DqxcW0aZVNeIV/mxLE3hYVvWtVBSZZ7JMjpydVL4lnaBI
1xlMxJa/TVJFlIQjwbaVNfwWBQsfyCWz8h67gxMd91Nv++6+BiJPDP2pdNxP+Mbv
1AWWMi4YOPlLfZA5SFl6Z1IK2K463imwPQlTSlFKxbWc/10tOLEWQ6Y8mffCWzBd
NSGJnLziCHW7FSYMGNoFm+57dxQbGzsz87i+g8DJ5UUD9vs/x5Dhu71e+WtZ9qF6
GRHY153JKCn8V2hfbEDmgj7h+/F+uoKRF6BwxefurOugw9CHdekH4Q==
=G+UK
-----END PGP SIGNATURE-----