FC3 Security

James Wilkinson james at westexe.demon.co.uk
Wed Mar 9 17:46:55 UTC 2005


Jeff Kinz wrote:
> Any IT dept that equates sshd to a server is either not up to snuff
> technically (and in a really bad way.), or they are being duplicitous.
> (Thats another word for lying)

If it's open to the outside world? Yes, I'd call that a server. There
have been remote security vulnerabilities in both OpenSSH and SSH.com's
offerings. And I'd want to be sure that the box was being looked after,
had sensible passwords, and was being patched promptly.

"Server" doesn't necessarily mean high-bandwidth. But it does mean
certain security assumptions.

James.

-- 
E-mail address: james | We still have enough spare cardboard sitting around
@westexe.demon.co.uk  | to send a bus by Parcelforce, although not enough
                      | wrapping to be sure they wouldn't deliver it broken
                      | into two pieces.  -- Alan Cox




More information about the users mailing list