On Sun, 2008-02-17 at 07:12 -0800, Grant wrote:
> > I'd just like to reiterate that most of those don't need any extra
> > security. SSH and HTTPS are already secure, and IMAP and SMTP can be
> > accessed over SSL (like HTTPS). These are all secure enough to be
> > widely used without extra layers of encryption.
> 
> I'm surprised, but glad to hear this.  I was under the impression that
> opening services like SSH and CUPS to the internet was a bad idea.  I
> guess they're secure enough.  That removes #2 and #3 from my 4-part
> list above.
> 
> If I can print with CUPS via SSL and submit SMTP mail via alternate
> port 587, I won't need a VPN or tunnel.
> 
> Thanks a lot for everyone's help.  I'm going to start a new thread for
> those topics.

What wasn't mentioned is that SSL covers transport encryption, not
necessarily application security.  What that means is if you open IMAP,
SMTP, CUPS, and SSH daemons over the internet then you also need to keep
(better) track of security vulnerabilities found in those applications,
and fix them as needed.  SSL alone won't help you there.  Whereas if
you're only running, say, OpenVPN over the Internet then that's the only
application you gotta look out for.

Also, doing things such as running IMAP over SSL using accounts with
weak passwords doesn't gain you much either.

Just my 2 cents.

-a

-- 
gentoo-user@lists.gentoo.org mailing list
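
The point made in the reply above, that every daemon listening on the Internet is one more application to track for vulnerabilities whether or not it speaks SSL, can be checked by listing which daemons are bound to non-local addresses. This is an added example, not part of the original message; both samples are constructed in the style of `ss -tulnpH` output, the 10.8.0.1 tunnel address is made up, and a wildcard bind is assumed to be reachable from the Internet (no firewall in front).

```python
import ipaddress
import re

# Constructed samples in the style of `ss -tulnpH` output (not from the thread).
DIRECT = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
tcp LISTEN 0 100 0.0.0.0:993 0.0.0.0:* users:(("dovecot",pid=901,fd=21))
tcp LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=955,fd=13))
tcp LISTEN 0 5 *:631 *:* users:(("cupsd",pid=770,fd=7))
"""
VPN_ONLY = """\
udp UNCONN 0 0 0.0.0.0:1194 0.0.0.0:* users:(("openvpn",pid=640,fd=5))
tcp LISTEN 0 128 10.8.0.1:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 100 10.8.0.1:993 0.0.0.0:* users:(("dovecot",pid=901,fd=21))
tcp LISTEN 0 100 10.8.0.1:587 0.0.0.0:* users:(("master",pid=955,fd=13))
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=770,fd=7))
"""

def scope(host):
    """Classify a bind address: 'public', 'private' or 'loopback'."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if host == "*":
        return "public"  # wildcard: listens on every interface
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "public"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def exposed_daemons(ss_output):
    """Map daemon name -> sorted ports for sockets bound to public scope."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # not a socket line
        host, port = fields[4].rsplit(":", 1)
        if scope(host) != "public":
            continue
        m = re.search(r'\(\("([^"]+)"', fields[6]) if len(fields) > 6 else None
        found.setdefault(m.group(1) if m else "unknown", set()).add(int(port))
    return {name: sorted(ports) for name, ports in found.items()}

if __name__ == "__main__":
    for label, sample in (("direct", DIRECT), ("vpn-only", VPN_ONLY)):
        print(label, exposed_daemons(sample))
```

On the first sample four daemons need vulnerability tracking; on the second only `openvpn` does, with the other services bound to the tunnel or loopback address.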
