> > > I'd just like to reiterate that most of those don't need any extra
> > > security. SSH and HTTPS are already secure, and IMAP and SMTP can be
> > > accessed over SSL (like HTTPS). These are all secure enough to be
> > > widely used without extra layers of encryption.
> >
> > I'm surprised, but glad to hear this. I was under the impression that
> > opening services like SSH and CUPS to the internet was a bad idea. I
> > guess they're secure enough. That removes #2 and #3 from my 4-part
> > list above.
> >
> > If I can print with CUPS via SSL and submit SMTP mail via alternate
> > port 587, I won't need a VPN or tunnel.
> >
> > Thanks a lot for everyone's help. I'm going to start a new thread for
> > those topics.
>
> What wasn't mentioned is that SSL covers transport encryption, not
> necessarily application security. What that means is if you open IMAP,
> SMTP, CUPS, and SSH daemons over the internet then you also need to keep
> (better) track of security vulnerabilities found in those applications,
> and fix them as needed. SSL alone won't help you there. Whereas if
> you're only running, say OpenVPN over the Internet then that's the only
> application you gotta look out for.
>
> Also, doing things such as running IMAP over SSL using accounts with
> weak passwords doesn't gain you much either.

Good points Albert. Is a daily 'emerge --sync && emerge -avDuN world'
generally enough as far as tracking security vulnerabilities?

- Grant
--
gentoo-user@l.g.o mailing list