Educause Security Discussion mailing list archives
Re: Thoughts on Jericho Forum
From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 14 Jun 2007 16:04:28 -0400
Bruce Curtis wrote:
I think a better model is to have hosts protect themselves and use native transport IPsec to connect to servers. IPsec allows us to allow exactly the set of users to access a server, and only those users, no matter were they are. No other users, even in the same subnet as the server can scan the servers for Microsoft vulnerabilities.
This becomes something of a management issue again, when you no longer have a monoculture of server OS and a unified directory... Faculty-run "servers" tend to have a default-permit strategy, whether born of laziness or ignorance doesn't matter. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "The gods too are fond of a joke. " - Aristotle (384-322 B.C.)
Current thread:
- Thoughts on Jericho Forum David Morton (Jun 13)
- <Possible follow-ups>
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 13)
- Re: Thoughts on Jericho Forum Lovaas,Steven (Jun 14)
- Re: Thoughts on Jericho Forum Mclaughlin, Kevin (mclaugkl) (Jun 14)
- Re: Thoughts on Jericho Forum Deke Kassabian (Jun 14)
- Re: Thoughts on Jericho Forum Lovaas,Steven (Jun 14)
- Re: Thoughts on Jericho Forum Karen Duncanson (Jun 14)
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 14)
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 14)
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 14)
- Re: Thoughts on Jericho Forum Cal Frye (Jun 14)
- Re: Thoughts on Jericho Forum Jordan Wiens (Jun 17)
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 18)
- Re: Thoughts on Jericho Forum Gary Flynn (Jun 19)
- Re: Thoughts on Jericho Forum Bruce Curtis (Jun 19)