On Fri, 2006-07-14 at 11:57 -0400, Max Spevack wrote:
> I'm sure you guys are all following the stories on Slashdot about the
> problems that Debian is having due to password insecurity that led to a
> compromised account.
>
> What sort of safeguards do we have? Is this a good time to think about how
> we can improve our security *before* there is a problem rather than after?
>
> Do we have some sort of general plan for what to do if one of our public
> boxes is compromised, so that we don't act randomly, or forget things in
> the panic of the moment?

I dunno if you've been on this list before today but we've been talking
about that subject quite a bit.

We've already covered the idea of relying SOLELY on ssh keys for
shell-level access to systems and the possibility of requiring client
ssl keys for web-access.

Mike brought up the idea of subdividing things a bit tighter in terms of
who can log in to what systems so we don't have too much 'global' access.

yes, we're moving on all of these things.

-sv