nanog mailing list archives

Re: SSH on the router - was( IT security people sleep well)


From: Alex Bligh <alex () alex org uk>
Date: Mon, 07 Jun 2004 22:12:36 +0100




--On 07 June 2004 11:10 -0700 Randy Bush <randy () psg com> wrote:

>> It makes more sense to funnel everything through secure gateways and
>> then use SSH as a second level of security to allow staff to connect
>> to the secure gateways from the Internet. Of course these secure
>> gateways are more than just security proxies; they can also contain
>> diagnostic tools, auditing functions, scripting capability,
>> etc.
>
> and all the other things single points of failure need.  like
> pixie dust, chicken entrails, ...

Where did the word "single" come from, given he had an "s" on gateways?
Replicate them across POPs. Having lots of routers accessible from a small
number of machines, which are (relatively) widely accessible but can be
firewalled to hell, seems a better option than having lots of routers
accessible from a large number of machines (esp. ones outside one's own
administrative domain, e.g. home machines). YMMV. [no I don't think
they need the other pixie dust stuff on though]

Alex

