[Gllug] Limiting SSH access

James Bailey James.Bailey at osm.co.uk
Thu Apr 3 10:42:51 UTC 2003



> -----Original Message-----
> From: French, Alastair [mailto:Alastair.French at racalinstruments.com]
> Sent: Thursday, April 03, 2003 11:02 AM
> To: 'gllug at linux.co.uk'
> Subject: RE: [Gllug] Limiting SSH access 
> 
> 
> Thanks for all the replies
> 
> I have passed the details onto our sysadmins.
> 
> They only asked me as they know I run Linux at home and they are all Windows
> people.
> 
> The machine in question will be running accounts s/w and need to be
> accessible by the external company that do our accounts (that's why they
> don't want in the DMZ). They supplied the box and set it up initially. I get
> the feeling that our guys would like to secure it a bit more and would like
> to have some ideas before going back to the accounts lots with some ideas.
> 
> Most of the NT boxes have the appropriate restrictions in place to stop
> unauth access to critical stuff, but I guess this is just an extra
> precaution.

I think that a mixture of iptables and sudo should cover most eventualities
your admins need to worry about.  You could back it up with mail and SMS
alerts from sensitive internal hosts if the box in question attempts to
connect to them when it obviously should not.  Something that is simple with
*nix hosts and shouldn't be that difficult on Windows boxes.  You may also
want to look at kernel-level ACLs, though I don't know enough about ACLs to
do more than suggest it as a possibility.

Peace Jim

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
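
The alerting idea in the reply above, sketched as an added example that is not part of the original thread: a sensitive internal host logs and drops traffic from the accounts box with iptables, and a small script turns the log lines into a mail summary. The address 192.0.2.10, the "ACCTBOX " log prefix, the recipient and the sample log lines are all assumed or constructed values.

```shell
#!/bin/sh
# Added example. ACCT_BOX, ADMIN and the "ACCTBOX " prefix are assumed values.
ACCT_BOX="192.0.2.10"   # assumed address of the accounts machine
ADMIN="root"            # assumed alert recipient

# Rules to load on each sensitive internal host (needs root; not run here):
#   iptables -A INPUT -s 192.0.2.10 -m limit --limit 6/min -j LOG --log-prefix "ACCTBOX "
#   iptables -A INPUT -s 192.0.2.10 -j DROP

# Read kernel log lines on stdin; print "count dst proto port" for each
# distinct target the accounts box tried to reach, in first-seen order.
summarise_attempts() {
    awk -v box="$ACCT_BOX" '
        index($0, "ACCTBOX ") == 0 { next }      # not written by our LOG rule
        {
            src = dst = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != box) next                 # exact match: 192.0.2.100 is skipped
            if (dpt == "") dpt = "-"             # ICMP lines carry no port
            key = dst " " proto " " dpt
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (j = 1; j <= k; j++) print n[order[j]], order[j] }
    '
}

# Mail the summary only when there is something to report.
# Typical use from cron: feed the recent kernel log lines into send_alert.
send_alert() {
    summary=$(summarise_attempts)
    if [ -n "$summary" ]; then
        printf '%s\n' "$summary" | mail -s "Accounts box connection attempts" "$ADMIN"
    fi
}

# Constructed sample log lines in the iptables LOG format, for offline testing.
SAMPLE_LOG='Apr  3 10:40:01 fileserv kernel: ACCTBOX IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=4711 DF PROTO=TCP SPT=33012 DPT=445 SYN
Apr  3 10:40:04 fileserv kernel: ACCTBOX IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=4712 DF PROTO=TCP SPT=33012 DPT=445 SYN
Apr  3 10:41:10 fileserv kernel: ACCTBOX IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=4720 DF PROTO=TCP SPT=33020 DPT=22 SYN
Apr  3 10:41:30 fileserv kernel: ACCTBOX IN=eth0 OUT= SRC=192.0.2.100 DST=192.0.2.20 LEN=60 TTL=64 ID=9 DF PROTO=TCP SPT=40000 DPT=445 SYN
Apr  3 10:42:00 fileserv kernel: eth0: link up'
```

The `-m limit` match keeps a noisy or compromised box from flooding the log; the DROP rule still applies to every packet.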



