Educause Security Discussion mailing list archives
Re: How do you all handle SSH access to campus resources?
From: Michael Horne <Michael.Horne () OLIN EDU>
Date: Wed, 4 May 2005 12:43:36 -0400
Sorry let me elaborate a bit more on this. We also have VPN access for windows users and select number of MAC's as well, but the issue is more for faculty who use linux and need to access internal linux systems, and that the linux clients aren't free for VPN access. So SSH is a viable solution for most of there needs. Just we would like to limit our exposure to the world via SSH access Thanks again Mike -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chad McDonald Sent: Wednesday, May 04, 2005 11:32 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] How do you all handle SSH access to campus resources? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are moving towards requiring a VPN connection for SSH access from off campus. Thanks, Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University 478.445.4473 Office 478.454.8250 Cell 478.445.1202 Fax ________________________________ From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Horne Sent: Wednesday, May 04, 2005 11:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] How do you all handle SSH access to campus resources? Hello, First time poster here looking for some info on how Universities and others handle SSH access to there campus and how restrictive it is configured. I have been following the SSH thread and this aspect has not come up to date. By the way we have implemented some of the recommendations posted. Thanks! Background here is we are a small college with 200+ students and 75+ faculty members IT is made up by 15 people and we do it all, I am the network / security eng. Currently we have a single SSH gateway on a DMZ. We allow connections from the internet and are allowing port forwarding through the gateway to internal resources. We have as you all have been spam'd by the number of brute force attempts into our systems. I have been tasked with trying to cut down the allowed source IP's and was wondering how and if any of you have any luck with global blocking of ranges from known abuse sources for SSH access? I.e... Anyone have any luck with blocking APNIC ranges for home cable modem users which seems to be a large source of the brute force attempts? Any info would be greatly appreciated. Thanks Mike Michael Horne Network Engineer Olin College Olin Way Needham, MA 02492 781-292-2438 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQnjrAzNg/DEZZq7MEQLOEgCglVt+iAo1h/NrEHeYOXgkE6BZD+EAnj+l 9nxGXLdf5Q8ybvvUqoKsIAD2 =POfJ -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- How do you all handle SSH access to campus resources? Michael Horne (May 04)
- <Possible follow-ups>
- Re: How do you all handle SSH access to campus resources? Chad McDonald (May 04)
- Re: How do you all handle SSH access to campus resources? Jeff Kell (May 04)
- Re: How do you all handle SSH access to campus resources? Michael Horne (May 04)
- Re: How do you all handle SSH access to campus resources? David Shettler (May 08)