On Thu, May 08, 2003 at 04:17:31PM +0200, Adam Borowski wrote: > > Security should be end-to-end, not point-to-point. The sheer number of > > times a site has been compromised because their "secure" network > > wasn't and somebody was using rsh... > The problem is that, to be secure, it is not enough to encrypt just the > login sessions. All mounted filesystems, X sessions, everything, would > have to be encrypted as well -- and that takes good modern machines just > to enjoy that 100Mb network. All the passwords I have stored on my filesystems *are* encrypted. Aren't yours? > Also, if someone can subvert my firewall, I'm already screwed, and > everything ssh can do for me is to reduce further damage. Bingo. As in, "rooted one box" rather than "rooted all my boxes, stole my gpg keys, ssh keys, passwords, and set my cat on fire". That's a pretty big improvement. Don't think it won't happen to you, because it always does. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | Dept. of Computing, `. `' | Imperial College, `- -><- | London, UK
Attachment:
pgpa9h2nVbCcc.pgp
Description: PGP signature