Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 08:33:46 -0400
  • Message-id: <4C8A25AA.9070401@xxxxxxxxxx>
Per Jessen said the following on 09/10/2010 02:13 AM:

I couldn't care less, but it's company policy only to allow external ssh
access via the gateway anyway.

Indeed.
A common and respectable security control.

OK, no single control is all-powerful and invincible, but that is no
reason to gainsay it and discard it.

The point that James keeps making is that the 'Net of today is not the
'Net of the 1970s and 1980s (BTDT) and unfettered peer-to-peer access is
not required. That is why we have isolated subnets.

Heck, many of my clients have subnets _within_ their premises that are
behind a firewall (or even NAT'ed) to restrict access. One bank has a
subnet where all the internal data services, ldap & web based
directories, are behind a NAT and you need SSH+token to get there to
maintain them. Special ports? Yes, but that's all hidden in the
application software, so "who cares". Not the users. Its all
transparent. From the POV of the application developers its no
different to writing any other API-driven interfaces.


--
The great successful men of the world have used their imagination ...
think ahead and create their mental picture in all it details, filling
in here, adding a little there, altering this a bit and that a bit, but
steadily building - steadily building. -- Robert Collier
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread