[clug] VM Preferences
Geoff Swan
shinobi.jack at gmail.com
Sun Jun 7 03:43:03 GMT 2009
On Sun, Jun 7, 2009 at 10:11 AM, Tomasz Ciolek <tmc at vandradlabs.com.au>wrote:
In my experience, when talking about security and cryptography, too many
> people out there complicate life without a good reason to do so, and
> without uderstanding of what are the risks and threats they are
> protecting against.
>
I specialize in over complicating. I am terrible in this respect. The reason
I am setting this up at the moment is in an attempt (perhaps ironically) to
simplify my wireless security. I have a CA and Radius server set up already
with WPA2 AES etc etc. But when I first set it up I was mostly hacking the
bits and pieces together in a hurry to get it working... I think I have
multiple CA root certs and keys on the server itself which is also the
Radius server... And this is just my home network.. so its not like it even
*needs* WPA2 Radius security... The server in question is probably a good
example of how not to set up a server security wise... But I learn a fair
bit by doing everything wrong first. I got a response suggesting running the
CA on a USB live disk, but I much prefer your suggestion of just protecting
the CA signing key. If I understand correctly, by protecting the CA signing
key appropriately the whole separate VM or Live disk for the CA issue
becomes moot...
cheers,
--
Geoff
'you think you're thinking, therefore you possibly are' - grant naylor
More information about the linux
mailing list