Secure network
jeff vier
jeff.vier at tradingtechnologies.com
Wed Feb 11 21:20:34 CET 2004
On Wed, 2004-02-11 at 14:02, Michael Gale wrote:
> What? So I have an internal CA ... the web server only trusts this CA. All
> clients which require access have to have a cert signed by the CA.
> Now you are saying that if someone steals the private key they can sign certs.
> If someone has this type of access ... I think that having my stolen private key
> would not be the only problem?
Well, yes. But you would be surprised at how much is 're-used' after
rebuilding a cracked system.
> So how is this different than using a trusted CA? I am not self-signing my
> certs. I have a CA set up inside and the web server cert is signed by that CA.
Because, if I'm a paying client, for instance, and you're housing
sensitive information about me and my systems, *I* don't know that your
CA cert is 'good'.
> Sure the internal clients have to import a cert signed by it and import the CA
> into their browsers.
> But once that CA is imported how is it less secure than a Verisign-signed cert?
If it's purely internal, I don't think it matters as much. But you
didn't say that before :) (and the grandparent post wasn't specific,
either - just 'how secure is Nagios?')
> If a web server is only being accessed by a few company employees to view system
> status and monitoring, paying for a cert signed by a "trusted CA" is not worth
> it.
Agreed. (if a VPN connection is not an option and the person *has* to
see the GUI)
> Why don't we just suggest that Nagios only be viewable over a VPN connection?
That's what I would recommend, yes.
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users