Re: DM vs DD and security
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Mar 20, 2007 at 06:02:27PM +1100, Robert Collins wrote:
> On Mon, 2007-03-19 at 05:41 -0400, Kevin Mark wrote:
> > And if its large, then could this be reduced in some way by having the
> > more common tasks be replaced by a web frontend with password access
> > and leave fewer tasks that require ssh access.
> Because ssh is /less/ secure than ssl?
While I do not claim to be a security expert, I was trying to address a
few points: the need for ssh access which is a current privilege for
DDs. I assume that physical access is not a big problem for Debian
infrastructure and that external attacks are being guarded against. This
leaves local access. If local access is reduced to those who need it (by
my idea DM's would not normally need this) and common tasks can be made
'more secure' by making them done through a web interface (w/ ssl), this
would eliminate possible human error (rm -rf or similar) and increase
security by limiting access to DDs.
But I have yet to receive any guess as to the amount of local ssh access
that is used by DDs. If 99% of DDs need ssh access that requires a
random set of commands, then this will not work. But if only 10% of DDs
need ssh access, then it would be beneficial and would advance the idea
of have DC/DMs not needing ssh access and inclusion in the keyring and
a local user account created by DAM? (the last step in NM?) and allowing
a separation based upon need, security, skill and responsibility.
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----