Security Basics mailing list archives

Re: Transmitting Sensitive Information between Servers


From: Chad Perrin <perrin () apotheon com>
Date: Mon, 8 Sep 2008 18:52:52 -0600

On Mon, Sep 08, 2008 at 02:31:53PM -0500, Nathaniel Hall wrote:
> Basha, Arif wrote:
>> We have a policy to not pass user name/password, etc in clear between
>> servers within our DMZ.  Is this being too pedantic?
>>
>> I would be interested to hear how others have this implemented?
>>
>> Thanks.
>> Arif
>
> I don't think that is unreasonable.  I have a pretty strict belief that
> no sensitive information (PII or logon credentials) should be passed in
> the clear, even if it is within a closed network.  I have always set up
> SSL connections or, where SSL is not possible, a script that keeps an
> SSH tunnel open.  I have been very successful with my SSH tunnel scripts
> that restart the tunnel if it is ever closed or fails.

Agreed.  I don't use telnet even on my own personal network at home.  I
use SSH instead.

-- 
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
Jon Postel, RFC 761: "[B]e conservative in what you do, be liberal in
what you accept from others."
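
A tunnel-keeping script of the kind mentioned in the thread could look like the following. It is an added example, not code posted by anyone in the thread; the account, host, key path and ports are placeholder assumptions.

```shell
#!/bin/sh
# Keep an SSH local port-forward up and restart it whenever ssh exits.
# Every value below is a placeholder assumption, not taken from the thread.
REMOTE="${REMOTE:-tunnel@app2.dmz.example}"           # tunnel-only account
FORWARD="${FORWARD:-127.0.0.1:15432:127.0.0.1:5432}"  # loopback bind -> remote service
KEY="${KEY:-/etc/tunnel/id_ed25519}"
SSH_BIN="${SSH_BIN:-ssh}"
SLEEP_BIN="${SLEEP_BIN:-sleep}"
MAX_DELAY="${MAX_DELAY:-60}"

# Exponential backoff: double the delay, capped at MAX_DELAY seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# One tunnel run; returns when ssh exits for any reason.
run_tunnel() {
    # BatchMode: never prompt. ExitOnForwardFailure: exit if the port cannot
    # be bound, instead of idling with no forward. ServerAlive*: notice a dead
    # peer in about 45 s. StrictHostKeyChecking=yes: refuse unknown or changed
    # host keys, so the tunnel is not rebuilt to an impostor.
    "$SSH_BIN" -N -T -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -o StrictHostKeyChecking=yes \
        -L "$FORWARD" "$REMOTE"
}

# Restart loop. $1 = maximum attempts (0 = forever).
# Leaves the attempt count in ATTEMPTS and the last sleep in LAST_DELAY.
supervise() {
    limit="${1:-0}"; delay=1; ATTEMPTS=0
    while [ "$limit" -eq 0 ] || [ "$ATTEMPTS" -lt "$limit" ]; do
        ATTEMPTS=$((ATTEMPTS + 1))
        start=$(date +%s)
        rc=0; run_tunnel || rc=$?
        # A tunnel that stayed up for a while was healthy: reset the backoff.
        if [ $(( $(date +%s) - start )) -ge "$MAX_DELAY" ]; then delay=1; fi
        echo "tunnel exited rc=$rc, restarting in ${delay}s" >&2
        "$SLEEP_BIN" "$delay"
        LAST_DELAY=$delay
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then supervise 0; fi
```

Binding the local end to 127.0.0.1 keeps the cleartext leg on the loopback interface, so only the SSH-encrypted stream crosses the DMZ network.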
