[clug] secure remote access method
Daniel Pittman
daniel at rimspace.net
Fri Jun 19 12:34:31 GMT 2009
Hugh Fisher <hugh.fisher at anu.edu.au> writes:
> Daniel Pittman wrote:
>
>> After all, you would be extremely hard pressed to find a more security
>> focused group of software maintainers than the core secure login technology
>> of the OpenBSD project, who have as their key selling point that they are
>> secure.
>
> That had been my impression, but I was beginning to doubt it. I know it's not
> what was intended, but the responses gave me the impression that running out
> of the box ssh on your system was almost criminally irresponsible and little
> better than having account name: root password: root
Ah, well. The problem that people are talking about here is a *social*
problem, not a technical one: weak passwords, essentially.
Because it is a social problem you /can't/ solve the general case with a
technical solution, because people will work around it.
Heck, recently a group of very, very technical people I was around had a
discussion about a password system that required a password change every week,
no reuse for 128 passwords[1], minimum length above 20 characters, characters
from all the standard classes[2], no dictionary words, and no more than three
characters in sequence from any one class.
Which was *still* vulnerable to a fairly trivial "rotate the number" guessable
sequence of passwords, and which still left plenty of other risks.
You just /can't/ solve the general case at a technical level, because people
will work around the cumbersome system to fix it. You can, of course, for a
limited environment.
Anyway, finally, if I wanted to provide an "open the firewall after login"
mechanism I would probably run something over HTTPS that took a username and
password.
That can be custom enough to make generic brute force attacks hard[3], and
runs on a system where I can detect attacks and lock out the attacker quickly.
Regards,
Daniel
Footnotes:
[1] In other words, more or less forever.
[2] Alphabetical, numeric, symbols. I think they had something else too, but
I can't recall what. Oh, well.
[3] In this case, the URL and HTML-form namespace is large enough that you
can quite reasonably count on obscurity to be a useful component of the
defence for some time yet.
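As an added illustration, not part of Daniel's post: the password rules he lists, coded up in Python, fed a "rotate the number" sequence. The character classes, the stub dictionary and the sample password are assumptions, and the similarity check at the end goes one step beyond the post to show what catches the workaround.

```python
import string
# Constructed policy mirroring the rules listed in the post; the exact
# "standard classes" are an assumption (lower, upper, digit, symbol).
HISTORY_DEPTH = 128   # no reuse for 128 passwords
MIN_LENGTH = 21       # "minimum length above 20 characters"
MAX_CLASS_RUN = 3     # no more than three in a row from one class
DICTIONARY = {"password", "summer", "winter", "linux", "secret"}  # constructed stub
def char_class(c):
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.ascii_uppercase:
        return "upper"
    return "digit" if c in string.digits else "symbol"

def meets_policy(candidate, history):
    """True if the candidate satisfies every rule the post lists."""
    classes = [char_class(c) for c in candidate]
    if len(candidate) < MIN_LENGTH or len(set(classes)) < 4:
        return False
    run = 1
    for prev, cur in zip(classes, classes[1:]):
        run = run + 1 if cur == prev else 1
        if run > MAX_CLASS_RUN:
            return False
    return (not any(word in candidate.lower() for word in DICTIONARY)
            and candidate not in history[-HISTORY_DEPTH:])

def rotate_number(password):
    """The trivial workaround: bump the last digit, keep everything else."""
    digits = [i for i, c in enumerate(password) if c.isdigit()]
    if not digits:
        return password
    i = digits[-1]
    return password[:i] + str((int(password[i]) + 1) % 10) + password[i + 1:]

def too_similar(candidate, history, max_changes=3):
    """Check the policy lacks: reject a candidate a few edits from an old one."""
    return any(len(old) == len(candidate)
               and sum(a != b for a, b in zip(old, candidate)) <= max_changes
               for old in history[-HISTORY_DEPTH:])

def simulate(first, rounds):
    """Rotate `rounds` times; count acceptances by policy alone and with similarity."""
    history, current, by_policy, with_similarity = [first], first, 0, 0
    for _ in range(rounds):
        current = rotate_number(current)
        if meets_policy(current, history):
            by_policy += 1
            with_similarity += 0 if too_similar(current, history) else 1
            history.append(current)
    return by_policy, with_similarity
```

With a constructed starting password such as "Gr4#Tv8@Kp2$Mz6!Qx0%Jh1", every rule in the stated policy accepts nine rotations in a row, while the similarity check rejects all of them.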