Re: Remote login
- Subject: Re: Remote login
- From: Michael Richardson <..hidden..>
- Date: Sun, 28 Mar 2010 22:16:38 -0400
>>>>> "Chris" == Chris Travers <..hidden..> writes:
>> As far as I'm concerned, SSH tunnels (from windows, using
>> passwords), SSL (HTTPS), IPsec (using PSK), and OpenVPN (often
>> using PSK) are all pretty much equivalent in security. HTTPS is
>> the simplest to support.
Chris> Properly configured, I would generally agree with this. The
Chris> only thing I would add is that I would only put HTTPS in that
Chris> category for access to LedgerSMB if client-side certificates
Chris> are verified. HTTPS otherwise is nothing more than an
Chris> anti-eavesdropping measure and fails to provide the
Chris> additional level of protection that requiring a pre-shared
Chris> key in the other options provides.
If you are using passwords with SSH, IPsec (PSK), or OpenVPN, then it is
equivalent to HTTPS using passwords. Sure, there are some minor
differences in terms of resistance to SYN attacks, and stuff like that,
but I think that is minor.

What I'm implying is that if you are not using client-side
certificates/RSA-keys for your SSH, IPsec or OpenVPN security (on top of
your port-80 ledgersmb), then it's not really very secure at all. You
might as well stick with HTTPS using passwords.
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] ..hidden.. http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.