> > > I'd just like to reiterate that most of those don't need any extra
> > > security. SSH and HTTPS are already secure, and IMAP and SMTP can be
> > > accessed over SSL (like HTTPS). These are all secure enough to be
> > > widely used without extra layers of encryption.
> >
> > I'm surprised, but glad to hear this. I was under the impression that
> > opening services like SSH and CUPS to the internet was a bad idea. I
> > guess they're secure enough. That removes #2 and #3 from my 4-part
> > list above.
> >
> > If I can print with CUPS via SSL and submit SMTP mail via alternate
> > port 587, I won't need a VPN or tunnel.
> >
> > Thanks a lot for everyone's help. I'm going to start a new thread for
> > those topics.
>
> What wasn't mentioned is that SSL covers transport encryption, not
> necessarily application security. What that means is if you open IMAP,
> SMTP, CUPS, and SSH daemons over the internet then you also need to keep
> (better) track of security vulnerabilities found in those applications,
> and fix them as needed. SSL alone won't help you there. Whereas if
> you're only running, say OpenVPN over the Internet then that's the only
> application you gotta look out for.
>
> Also, doing things such as running IMAP over SSL using accounts with
> weak passwords doesn't gain you much either.

Good points, Albert. Is a daily 'emerge --sync && emerge -avDuN world'
generally enough as far as tracking security vulnerabilities?
- Grant
--
gentoo-user@lists.gentoo.org mailing list