Educause Security Discussion mailing list archives
Re: Remote Access to Staff Desktops
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 20 Feb 2009 00:45:58 -0500
On Wed, 18 Feb 2009 09:14:52 CST, Mark Monroe said:
We allow it only through VPN. For Users who say they need ssh open without vpn, they can have it open only if they implement technology on their box that will blacklist any ip address after 3 failed attempts and any ip address that tries to use root. I have not opened any yet outside systems run by core IT staff. I guess they didn't really need it.
Or they really *did* need it, but they ran into troubles deploying your requirements, gave up, and are now fulfilling their business need with some cobbled-up scheme involving storing their data on some offsite server you have absolutely no administrative control over... ;) (I've seen more than one "block any address that tries to use root" go badly astray when the sysadmin accidentally tried to ssh to the other box from an 'su' window on their local box, and then was of course unable to connect to the remote box to fix the problem. Of course, at that point, they were *also* unable to fix the *other* problem which was the reason they were ssh'ing to the box in the first place. Anybody want to guess what happened to that code as soon as that sysadmin *was* able to login? ;)
Attachment:
_bin
Description:
Current thread:
- Re: Remote Access to Staff Desktops, (continued)
- Re: Remote Access to Staff Desktops David Grisham (Feb 18)
- Re: Remote Access to Staff Desktops Justin Dover (Feb 18)
- Re: Remote Access to Staff Desktops Consolvo, Corbett D (Feb 18)
- Re: Remote Access to Staff Desktops John Ladwig (Feb 18)
- Re: Remote Access to Staff Desktops Cal Frye (Feb 18)
- Re: Remote Access to Staff Desktops Emilio Valente (Feb 18)
- Re: Remote Access to Staff Desktops Hugh Burley (Feb 18)
- Re: Remote Access to Staff Desktops Anthony Maszeroski (Feb 18)
- Re: Remote Access to Staff Desktops Greg Francis (Feb 18)
- Re: Remote Access to Staff Desktops Stanclift, Michael (Feb 18)
- Re: Remote Access to Staff Desktops Valdis Kletnieks (Feb 19)
- Re: Remote Access to Staff Desktops Dexter Caldwell (Feb 20)
- Re: Remote Access to Staff Desktops Himes, Daniel (Feb 20)
- Re: Remote Access to Staff Desktops Hammond, Stanley (Feb 20)
- Re: Remote Access to Staff Desktops Scott Dier (Feb 20)
- Re: Remote Access to Staff Desktops Miller, Don C. (Feb 20)
- Re: Remote Access to Staff Desktops James R. Pardonek (Feb 20)
- Re: Remote Access to Staff Desktops Valdis Kletnieks (Feb 21)
- Re: Remote Access to Staff Desktops Dexter Caldwell (Feb 22)
- Re: Remote Access to Staff Desktops Avdagic, Indir (Feb 23)
- Re: Remote Access to Staff Desktops Hugh Burley (Feb 25)