[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-infrastructure-list] better passwords ,etc



On 7/15/06, Jeffrey Tadlock <linux elfshadow net> wrote:

I think this is a great idea.  I think we all know passwords are the
bane of securing any system.  Using keys only would certainly be a move
to the right direction.

In our case though I think there is another problem area where a
password is still a weakness.  The Account System is a component in how
our ssh keys get distributed currently.  So if someone were to
compromise a sysadmin's password for the web based Account System they
would then be able to edit that individual's profile and change the ssh
key for that user which would be distributed across the systems they
have shell access to.  Now the intruder can access the systems with the
ssh key pair they own (at least until the original user noticed they
couldn't login anymore).

At least I think that would be an attack vector that could target a
password.  Perhaps I am unaware of a component of the Account System or
I am missing something else that would cause the above scenario to not
work, so feel free to point out the obvious!

If the above scenario is an accurate one though, we still are relying on
passwords to secure access to the systems to some extent.  It may be an
area we want to look at to force some sort of check or balance to
minimize even that possibility.

While on the topic of security and moving beyond passwords, perhaps the
group as a whole should brainstorm, check settings, etc on the system
and processes from the security perspective.  There are lots of
intelligent individuals on the team and some time spent towards a
security audit of sorts could prove useful just to make sure we are
truly following best practices (or going above and beyond) and aren't
assuming certain things about the system configurations that really
aren't in place.

-Jeffrey

We'll have to find the balance.  We could go key kerberos crazy if we
wanted to.  On the one hand we should have a very secure system.  On
the other hand we cannot burden the developers.  After all thats the
whole reason our team exists... to aid the developers.

It should also be said that I've never actually worked at a place that
would end up on Slashdot if we got hacked....  I guess there's a bit
of pride in me that wants to make sure that if the Fedora
infrastructure ever does get hacked that it doesn't happen on my watch
:-D


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]