Security Basics mailing list archives

Re: ssh - AN Security, Authentication, and more...

From: James Kelly <jim () essistants com>
Date: Tue, 11 May 2004 11:29:18 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As someone else mentioned, it is usually smarter to set up the laptop
properly and allow use than to try and block it and ignore the real
problem, the laptop.

The whole point of technology is that it is used.  We could use your
argument to disconnect entire corporate networks.  There is a risk
involved any time you allow any connection to the outside world, but he
will have to weight the risk/benefits for his own situation.  Assuming
their IT department is competent in creating and implementing a security
solution, the "cracker" reading email will be an outside exception
rather than a common occurrence.  So he might want to think about how
much he trusts his team when deciding which direction to go.

Jim

Alvin Oga wrote:
|>| 2.  How have you detered users from using their
|>| laptops at the local coffee shop?
|
|
| imho, i'd add colos, vpns and hotels to the list
|
| as someone else ( next to you ) can follow you into
| the secure corp network from an insecure colo/starbucks/home
|
|
|>I understand the need to be secure, but I think this is being over
|>paranoid.
|
|
| its not an issue until the cracker happens to read "somebody important's"
| email or passwd or see the contents of their disks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAoLkN3IzKSZsd6+oRAmDLAKD6YwVyX/w3nwSeKzq7gFmS+iO4/ACfUm7Y
6wWBRh37KwVwiNAPu50/vgk=
=y/AC
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 offany course! All of our class sizes are guaranteed to be 10 students or lessto facilitate one-on-one interaction with one of our expert instructors.Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master the skillsof an Ethical Hacker to better assess the security of your organization.Visit us at:http://www.infosecinstitute.com/courses/ethical_hacking_training.html

----------------------------------------------------------------------------

Current thread:

WLAN Security, Authentication, and more... tom jones (May 10)
- Re: WLAN Security, Authentication, and more... James Kelly (May 10)
  - ssh - AN Security, Authentication, and more... Alvin Oga (May 11)
    - Re: ssh - AN Security, Authentication, and more... James Kelly (May 11)
- <Possible follow-ups>
- RE: WLAN Security, Authentication, and more... Giddens, Robert (May 10)
- RE: WLAN Security, Authentication, and more... Josh Mills (May 10)
- RE: WLAN Security, Authentication, and more... Joerg Over Dexia (May 11)
- Re: WLAN Security, Authentication, and more... Sandy Carr (May 11)