[lug] security question

George Sexton georges at mhsoftware.com
Thu Jun 3 17:59:41 MDT 2010


The point I tried and failed to make is that SSH is a complex system to
administer and it creates its own set of issues.

You now have key management thrown in, along with a way to limit the
capabilities so that someone with that key cannot start a remote session.

SSH is more complicated than a simple web server. The more complicated any
software is, the more likely it is that there are defects that can be
exploited.

The theory of defense in depth is a sound one. I was reading FM's on the
topic a long time ago. However, if you make your perimeter wider, it's
self-defeating.

-   << Externally visible surface with one mechanism

-  << This is what you think you're getting. DID
-

--  << This is what you are actually getting.
--

Practically speaking, the attacker doesn't have to get through both defenses
to compromise the data. If he can get through SSH, he can probably set up a
root exploit and take over the whole machine. So, once the user gets into
the machine, the fact that you have some random encrypted file on the server
isn't going to help matters.

If SSH with keys is no more susceptible to attack than anonymous web
service, then great, use it. If, on the other hand, using SSH makes the
system MORE vulnerable then you're decreasing the security. I personally
think SSH is much more susceptible to exploit. And just to clarify, when I
talk about a web server, I'm talking about a minimal web server without
things like PHP, mod_everything, etc.

However, I'm sure that there are plenty of experts who will disagree with my
analysis.


George Sexton
MH Software, Inc.
303 438-9585
www.mhsoftware.com


> -----Original Message-----
> From: lug-bounces at lug.boulder.co.us [mailto:lug-bounces at lug.boulder.co.us] On Behalf Of Nate Duehr
> Sent: Thursday, June 03, 2010 5:06 PM
> To: Boulder (Colorado) Linux Users Group -- General Mailing List
> Subject: Re: [lug] security question
> 
> On 6/3/2010 9:47 AM, George Sexton wrote:
> > You have to weigh whether the additional security of using SSH to move
> > already encrypted data is superior to using a simpler protocol.
> >
> 
> I like both.  Belt & Suspenders.  Why?...
> 
> > For example, if the data is strongly encrypted you could just use a simple
> > web server to host the data. It cuts out the SSH side and a lot of
> > complexity. The argument against that is that "anyone" could download the
> > encrypted data. What would they then do with it?
> >
> 
> Strongly encrypted today, is tomorrow's moderately encrypted. ;-)  DES
> anyone?
> 
> This, of course, goes for both the encryption used on the file itself,
> and the encryption on the transport.  Pick two DIFFERENT algorithms.
> 
> Nate
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667
> channel=#hackingsociety
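
Added example, not part of the original message or of either poster's setup: in OpenSSH, limiting a key so that its holder cannot start a remote session, as mentioned above, is done with per-key options in `authorized_keys`, and this Python check flags entries that lack a forced command or still allow a pty or port forwarding. The sample file, its paths and the key placeholders are constructed for illustration.

```python
import re
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

# Constructed sample authorized_keys; key blobs are placeholders, paths are hypothetical.
SAMPLE = '''\
# comment line
command="/usr/local/bin/send-backup",no-pty,no-port-forwarding ssh-ed25519 AAAAPLACEHOLDER1 backup@client
restrict,command="rsync --server --sender . /srv/out, /srv/out2" ssh-ed25519 AAAAPLACEHOLDER2 mirror@client
ssh-rsa AAAAPLACEHOLDER3 admin@laptop
no-pty ssh-rsa AAAAPLACEHOLDER4 tunnel@client
'''

def split_options(line):
    """Return (options, rest). Quoted values may contain spaces and commas."""
    if KEY_TYPE.match(line):
        return {}, line                      # entry has no options field
    opts, buf, in_quote, i = {}, "", False, 0
    while i < len(line):
        c = line[i]
        if in_quote and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 1        # escaped quote inside a value
        elif c == '"':
            in_quote = not in_quote
        elif not in_quote and c in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value       # option names are case-insensitive
            buf = ""
            if c != ",":                     # unquoted whitespace ends the field
                return opts, line[i:].strip()
        else:
            buf += c
        i += 1
    raise ValueError("options field is not followed by a key")

def audit_line(line):
    """Findings for one entry; per-key options only, sshd_config is not consulted."""
    opts, _ = split_options(line)
    locked = "restrict" in opts              # restrict turns pty and forwarding off
    checks = [
        (not opts.get("command"), "no forced command: any command or shell"),
        ("pty" in opts or not (locked or "no-pty" in opts), "pty allowed"),
        ("port-forwarding" in opts or not (locked or "no-port-forwarding" in opts),
         "port forwarding allowed"),
    ]
    return [msg for bad, msg in checks if bad]

def audit(text):
    lines = enumerate((s.strip() for s in text.splitlines()), 1)
    return {n: audit_line(s) for n, s in lines if s and not s.startswith("#")}
```

The check is deliberately conservative: any explicit `pty` or `port-forwarding` option is reported as allowed regardless of where it appears relative to `restrict`.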




