On Fri, 2006-07-14 at 11:57 -0400, Max Spevack wrote:
> I'm sure you guys are all following the stories on slashdot about the problems that Debian is having due to password insecurity that led to a compromised account.
> What sort of safeguards do we have? Is this a good time to think about how we can improve our security *before* there is a problem rather than after?
> Do we have some sort of general plan for what to do if one of our public boxes is compromised, so that we don't act randomly, or forget things in the panic of the moment?
I dunno if you've been on this list before today but we've been talking about that subject quite a bit.
We've already covered the idea of relying SOLELY on ssh keys for shell-level access to systems and the possibility of requiring client ssl keys for web-access.
Mike brought up the idea of subdividing things a bit tighter in terms of who can login to what systems so we don't have too much 'global' access.
Yes, we're moving on all of these things.
-sv