OT: Security question (openssl vs openssh)
Bill Campbell
freebsd at celestial.com
Tue May 3 17:31:57 UTC 2011

On Tue, May 03, 2011, Mark Moellering wrote:
> Everyone,
> I am looking into setting up a webserver to hold some very sensitive
> information. I am trying to figure out which is more secure, forcing
> any web connections to be done using an ssh tunnel or forcing ssl.
> I have not been able to figure out if one is definitively much more
> secure than another or if they are close to the same. I would have
> initially thought the ssh tunnel was more secure but knowing that ssl
> can use AES-256, I am now wondering if that isn't adding a complexity
> for little extra security.

Our solution for critical services like this is to run the
service only on a private LAN segment which is available from the
outside world only through an OpenVPN connection. The OpenVPN
connection requires unique keys for each client which are easily
revoked if a laptop is lost or stolen or on employee termination.
It also isolates the web service from other external attacks via
insecure PHP scripts and such.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
If the personal freedoms guaranteed by the Constitution inhibit the
government's ability to govern the people, we should look to limit those
guarantees. -- President Bill Clinton, August 12, 1993
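
An OpenVPN server configuration sketching the setup described in the reply above. This is an added example, not part of the original message and not the poster's actual configuration. All file paths, subnets and addresses are placeholders chosen for illustration.

```conf
# Constructed example: OpenVPN server in front of a private LAN segment.
# Paths and address ranges below are placeholders, not values from the thread.

port 1194
proto udp
dev tun

# PKI: one CA signs the server certificate and one certificate per client.
# Each laptop or user gets its own cert/key pair, never a shared one.
ca   /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/server.crt
key  /usr/local/etc/openvpn/pki/server.key
dh   /usr/local/etc/openvpn/pki/dh.pem

# Accept only peer certificates issued for client use.
remote-cert-tls client

# Revocation: certificates listed in this CRL are refused.
# OpenVPN re-reads the file when a client connects or renegotiates,
# so revoking a lost laptop's certificate takes effect without a restart.
crl-verify /usr/local/etc/openvpn/pki/crl.pem

# Leave duplicate-cn disabled so a certificate maps to exactly one client.
;duplicate-cn

# Address pool handed to VPN clients (placeholder range).
server 10.8.0.0 255.255.255.0
topology subnet

# Route only the private segment that hosts the web service (placeholder range).
# The web server itself listens only on its address in this segment.
push "route 192.168.50.0 255.255.255.0"

# Clients may reach the service segment but not each other.
;client-to-client

# Drop privileges after startup.
user nobody
group nobody
persist-key
persist-tun
verb 3
```
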