Jeff Abrahamson on Thu, 30 Jan 2003 18:50:31 -0500
On Thu, Jan 30, 2003 at 04:35:58PM -0500, LeRoy Cressy wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Your firewall should not listen for ANY ports! Your firewall should
> only forward certain packets to the appropriate box on the dmz network.
> I would not allow any ssh logins from the Internet on the firewall.
> It would be alright to allow ssh logins on a dmz network box.

You're probably right, but on a home network one doesn't always want to devote yet another machine to the network just to have three tiers (fw, dmz, and internal). That's why I allow ssh login on my gateway, but have no other useful data on the gateway, and gateway passwords are substantially different from other passwords.

I'd like to put a one-time password authentication program on login on the gateway, but I haven't found one. Anyone else tried this?

(The only reason would be for when I log in from public machines, say at Drexel. Then at least I needn't worry that someone's put up a key sniffer. But I try just not to worry...)

--
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/>
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B

Attachment:
pgpycSwgC6Soi.pgp