BSDstats Project v2.0 ...
Paul Schmehl
pauls at utdallas.edu
Fri Aug 11 16:49:28 UTC 2006
Matthew Seaman wrote:
> Paul Schmehl wrote:
>
>> 1) encrypt the data being fed to your systems by the script - this
>> should be relatively easy using keys and would ensure that a man in the
>> middle attack would fail. You can connect using ssh and a unique key
>> without having to reveal passwords to anyone.
>
> Uh... HTTPS surely? Because it's relatively simple to implement on both
> client and server, doesn't require extra software installed on every client
> beyond the monthly stats script itself and because of the way that HTTPS
> uses a one-sided Diffie Helmann exchange to create session keys which means
> that you don't have any trouble with key management on the many thousands
> of client boxes out there...
>
I defer to your obviously greater experience and wisdom. :-)
I would note that these issues appear to be impacting the project. As
of right now, there are only 1612 systems reporting in, and I suspect
there are a much greater number of systems distributed throughout the
computing universe. Certainly some can be attributed to the newness of
the project and the small amount of promotion done to date, but I can't
help but think that at least some of it is due to hesitancy on the part
of some to submit their data.
For my part, I've submitted two public hosts. I have four others I will
not submit until I'm certain the data are securely transmitted and stored.
Surely I'm not alone?
--
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5268 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060811/d0233e9f/smime.bin
More information about the freebsd-questions
mailing list