Re: The crackers are out there

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Thu Nov 22 2007 - 11:00:39 AKST

On Wed, 21 Nov 2007, Damien Hull wrote:

> What are your thoughts on gate keepers?
>
> I'm thinking about sticking one on my network. This would be the box
> that receives ssh connections from the outside. Once I'm in I can ssh
> to other systems on my network. If someone breaks I can reinstall.
>
> This would also have a few extras like ssh keys etc...

That's an excellent idea, something I do as well. I keep one bastion host
that does nothing but ssh. All other hosts on the subnet only allow
connections from the local domain and/or subnet. That dramatically reduces
the attack surface so dictionary attacks can't be simply continued on
another host.

Ideally that host should also be doing remote syslogging for all
authentication attempts.

Way to think ahead, Damien, I'm impressed!

         --Arthur Corliss
           Live Free or Die
Received on Thu Nov 22 11:00:54 2007
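
A check that could run on the remote syslog host for the setup described in this message, added here as an example and not part of the original post: it counts failed ssh logins per source address and flags any accepted login on a non-bastion host that came from outside the local subnet. The hostname `bastion`, the subnet 192.168.10.0/24, the threshold and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for this sketch; adjust to the real network.
BASTION = "bastion"
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
FAIL_THRESHOLD = 3

# Constructed sample lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Nov 22 10:58:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Nov 22 10:58:03 bastion sshd[2211]: Failed password for root from 203.0.113.45 port 51236 ssh2
Nov 22 10:58:05 bastion sshd[2212]: Failed password for invalid user test from 203.0.113.45 port 51240 ssh2
Nov 22 10:58:40 bastion sshd[2230]: Failed password for damien from 198.51.100.9 port 40110 ssh2
Nov 22 10:59:10 bastion sshd[2290]: Accepted publickey for damien from 198.51.100.7 port 40022 ssh2
Nov 22 10:59:40 web1 sshd[911]: Accepted publickey for damien from 192.168.10.5 port 53311 ssh2
Nov 22 11:02:13 db1 sshd[1200]: Accepted password for root from 203.0.113.45 port 51300 ssh2
"""

# host, outcome, user and source address of one sshd authentication record
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def analyze(log_text):
    """Return (sources at or over the failure threshold, policy violations)."""
    failures = Counter()
    violations = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:  # skip records whose source is not an IP address
            continue
        if m["result"] == "Failed":
            failures[str(src)] += 1
        elif m["host"] != BASTION and src not in LOCAL_NET:
            # Only the bastion should ever accept a login from outside.
            violations.append((m["host"], m["user"], str(src)))
    noisy = {ip: n for ip, n in failures.items() if n >= FAIL_THRESHOLD}
    return noisy, violations

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
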