| 1 |
On Sun, 2008-02-17 at 07:12 -0800, Grant wrote: |
| 2 |
> > I'd just like to reiterate that most of those don't need any extra |
| 3 |
> > security. SSH and HTTPS are already secure, and IMAP and SMTP can be |
| 4 |
> > accessed over SSL (like HTTPS). These are all secure enough to be |
| 5 |
> > widely used without extra layers of encryption. |
| 6 |
> |
| 7 |
> I'm surprised, but glad to hear this. I was under the impression that |
| 8 |
> opening services like SSH and CUPS to the internet was a bad idea. I |
| 9 |
> guess they're secure enough. That removes #2 and #3 from my 4-part |
| 10 |
> list above. |
| 11 |
> |
| 12 |
> If I can print with CUPS via SSL and submit SMTP mail via alternate |
| 13 |
> port 587, I won't need a VPN or tunnel. |
| 14 |
> |
| 15 |
> Thanks a lot for everyone's help. I'm going to start a new thread for |
| 16 |
> those topics. |
| 17 |
|
| 18 |
What wasn't mentioned is that SSL covers transport encryption, not |
| 19 |
necessarily application security. What that means is if you open IMAP, |
| 20 |
SMTP, CUPS, and SSH daemons over the internet then you also need to keep |
| 21 |
(better) track of security vulnerabilities found in those applications, |
| 22 |
and fix them as needed. SSL alone won't help you there. Whereas if |
| 23 |
you're only running, say OpenVPN over the Internet then that's the only |
| 24 |
application you gotta look out for. |
| 25 |
|
| 26 |
Also, doing things such as running IMAP over SSL using accounts with |
| 27 |
weak passwords doesn't gain you much either. |
| 28 |
|
| 29 |
Just my 2 cents. |
| 30 |
|
| 31 |
-a |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-user@l.g.o mailing list |
Archives