Server Security (was SSH attack)

Ben Scott dragonhawk at gmail.com
Tue Dec 20 09:37:01 EST 2005


On 12/20/05, Neil Joseph Schelly <neil at jenandneil.com> wrote:
> It sounds like the network you're using now could use a VPN.

  VPNs are great at creating tunnels between two trusted systems. 
They're not so good when one party (say, a hosting company) wants to
provide restricted access to another party (say, their customer)
without opening up everything.  Put more bluntly, those additional
barriers were presumably put in place on purpose.  Tearing them down
with a VPN would be counter-productive.

  Sure, you could configure a VPN with a very restrictive access
policy, such that only a few TCP ports (SSH, MySQL, etc.) are allowed
through.  But they've already got that with SSH.  Adding a VPN means
added complexity, and adds issues like IP address space conflicts. 
Why bother?

  VPNs may be the most over-suggested technology in IT history. 
People want to throw a VPN at every remote access problem.  VPNs serve
a purpose, and are very useful for that purpose, but they are not a
panacea.

-- Ben "If I had a nickel for every time someone suggested a VPN, I'd
have a lot of nickels" Scott



More information about the gnhlug-discuss mailing list