Hosting Provided By

Re: Securing ssh tunnels.

From: Greg A. Woods <woods(at)weird.com>
Date: Fri Jun 27 2003 - 16:26:16 EDT

[ On Thursday, June 26, 2003 at 18:17:01 (-0700), Roy S. Rapoport wrote: ]
> Subject: Re: Securing ssh tunnels.
>
> It's a strange way to look at things, but it's actually quite valid, and in

People who don't understand covert channels should not ever try to do any kind of data communications in any public environment whatsoever.

If some security officer at some financial institution doesn't understand the ubiquity and the implications of covert channels then they should be fired immediately. Really.

SSH is the very least of anyone's worries when it comes to covert channels.

> But with SSH/HTTPS, you're screwed -- there's no way to figure out what
> the user is sending out. It is, from your point of view, less secure, much
> like the government feels it's less secure for everybody to have cyphers
> the NSA can't crack.

If you can't control your data flow without trying to prevent covert channels then: (a) You've lost before you started; and (b) Your backend security is completely worthless.

-- 
								Greg A. Woods

+1 416 218-0098;            ;           
Planix, Inc. ; VE3TCP; Secrets of the Weird

Received on Fri Jun 27 18:51:37 2003

This message: [ Message body ]
Next message: Ender110(at)aol.com: "SSH Mac to PC"
Previous message: Brian Hatch: "Re: More on passwordless logins"
In reply to Roy S. Rapoport: "Re: Securing ssh tunnels."
Next in thread: Roy S. Rapoport: "Re: Securing ssh tunnels."
Reply: Roy S. Rapoport: "Re: Securing ssh tunnels."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:00 EDT

Do you need help?