Subject: Re: Policy questions
To: Nathan J. Williams <nathanw@wasabisystems.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-userlevel
Date: 12/31/2003 16:20:27

On Tue, Dec 30, 2003 at 12:09:18AM -0500, Nathan J. Williams wrote:
> 
> And it's also easy for the threat perimeter of that network to be
> breached, often accidentally, by someone who has a machine to attach
> to that network that has previously been attached to the public
> network, or who dials up to a corporate network that is less well
> secured, or so on. It's easy for the fact that the privacy of the
> network is crucial to be forgotten over the years, as staff changes
> and collective knowledge decays. The security of such a setup is
> terribly fragile.

In a setup which uses NFS for home directories, and where you allow users to
have their own known_hosts and authorized_key files, ssh is only marginally
more secure than rsh (it's a bit more work to get the content of a connection,
but it still can be done).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 23 years of experience will always make the difference