[Info-vax] SSH
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Feb 20 10:30:24 EST 2011
On 2011-02-20, Phillip Helbig---undress to reply <helbig at astro.multiCLOTHESvax.de> wrote:
> In article <00AAB465.16D9AA14 at SendSpamHere.ORG>, VAXman-
> @SendSpamHere.ORG writes:
>
>> You can easily change the port with:
>>
>> $ ssh -p ####
>> $ sftp -oPort=####>
>> $ scp -P ####
>>
>>
>> Don't you just love that unix command line uniformity? ;)
>
> "When your unix sysadmin mentions security, he's talking about his job."
>
While I would be among the first to strongly criticise traditional Unix
security models (for example, a single root user and lack of a VMS style
privilege model, no VMS-style breakin evasion[1], etc), various versions
of Unix/Linux have acquired some excellent security features in the area
of, for example, mandatory access controls.
See, for example, the NSA developed SELinux MAC environment:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
http://www.nsa.gov/research/selinux/
What is the current status of MAC in VMS ?
Simon.
[1] Yes, I know about the fail2ban 3rd party package. Scanning the log
files of specific services after the event is not the same as analyzing
the breakin attempts, regardless of source, as they are happening and
before the login attempt is allowed to complete.
Also, does fail2ban handle local users as well as remote ones ?
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list