Thanks everyone for the responses on network security.

OK, I think people have convinced me to install ssh2 for the
internal network too and eliminate telnet altogether.  

Next question: in terms of internal security, what do people
do?  I know this may sound really silly, but let me give you
a scenario.

Take a company outside of the US where NDA agreements and
contract law realistically don't apply.  Add 100 people
working there with about 10-15 technically competent workers
with access to the critical data.  Base the company value on
the data being stored.  How do you secure/protect yourself
from internal threats (i.e. data theft, logic bombs, etc.)?

Things to keep in mind: the competent techies are all db
programmers and it's impossible to audit all the code that's
getting written.
 
I'm throwing this as a real question bc I have :

a) to face this in my organization
b) have found little valuable information on the public net
which addresses these issues

Any help/ideas/resources would be greatly appreciated.

Thanks,
-Thomas

Sometime near Tue, Apr 10, 2001 at 08:49:45AM -0500, Mikkel L. Ellertson wrote:
> On Mon, 9 Apr 2001, Thomas Duterme wrote:
> 
> > Just want some feedback from some of you security minded
> > folk on the list.
> >
> > We've got a setup of boxes which are running ssh2 on the
> > public net (using keys w/ passphrases).  No public IPs are
> > allowed telnet access.
> >
> > We've also got a private net for the same servers with a
> > dedicated line from the IDC to the company.  Currently,
> > telnet is enabled on that network.  (mainly for ease and to
> > eliminate the need for key distribution among all company
> > machines)
> >
> > Question to the list: is there anything *wrong* with this
> > picture?  Can you criticize this setup from a
> > security point of view?  Specifically interested in hearing
> > what people have to say about the private network telnet
> > access.  (note: the private names/IPs are not publicly
> > available via DNS - i.e. using a split DNS atmosphere)
> >
> >
> > TIA,
> > -Thomas
> >
> >
> What you have to consider is how secure is your internal network?  What
> happens if someone cracks your firewall?  Also, how physically secure is
> your internal network?  Are there data closets that might be accessed by
> cleaning or maintenance people?  How about outside contractors?  I work as
> a construction electrician, and I have lost count of the places where I
> have had access to the network.  I have even had times when we were
> installing CAT-5 cabling where I had a laptop hooked into the network
> monitoring traffic.  I have had many more times when I could have put a
> laptop in the data closet sniffing passwords, and no-one would have
> known.  This is an area of system security that seems to get overlooked.
> 
> Mikkel
> -- 
> 
>     Do not meddle in the affairs of dragons,
>  for you are crunchy and taste good with ketchup.
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 


