Educause Security Discussion mailing list archives

Re: How do you all handle SSH access to campus resources?

From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Wed, 4 May 2005 11:32:20 -0400


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We are moving towards requiring a VPN connection for SSH access from
off campus.

Thanks,
Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
478.445.4473  Office
478.454.8250 Cell
478.445.1202 Fax


________________________________

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Horne
Sent: Wednesday, May 04, 2005 11:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] How do you all handle SSH access to campus
resources?



Hello,

First time poster here looking for some info on how Universities and
others handle SSH access to there campus and how restrictive it is
configured.

I have been following the SSH thread and this aspect has not come up
to date. By the way we have implemented some of the recommendations
posted.

Thanks!

Background here is we are a small college with 200+ students and 75+
faculty members IT is made up by 15 people and we do it all, I am the
network / security eng.

Currently we have a single SSH gateway on a DMZ.
We allow connections from the internet and are allowing port
forwarding through the gateway to internal resources.
We have as you all have been spam'd by the number of brute force
attempts into our systems.
I have been tasked with trying to cut down the allowed source IP's
and was wondering how and if any of you have any luck with global
blocking of ranges from known abuse sources for SSH access?

I.e... Anyone have any luck with blocking APNIC ranges for home cable
modem users which seems to be a large source of the brute force
attempts?

Any info would be greatly appreciated.

Thanks
Mike


Michael Horne
Network Engineer
Olin College
Olin Way Needham, MA 02492
781-292-2438

********** Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQnjrAzNg/DEZZq7MEQLOEgCglVt+iAo1h/NrEHeYOXgkE6BZD+EAnj+l
9nxGXLdf5Q8ybvvUqoKsIAD2
=POfJ
-----END PGP SIGNATURE-----

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: PGPexch.rtf.pgp
Description:

Current thread:

How do you all handle SSH access to campus resources? Michael Horne (May 04)
- <Possible follow-ups>
- Re: How do you all handle SSH access to campus resources? Chad McDonald (May 04)
- Re: How do you all handle SSH access to campus resources? Jeff Kell (May 04)
- Re: How do you all handle SSH access to campus resources? Michael Horne (May 04)
- Re: How do you all handle SSH access to campus resources? David Shettler (May 08)