[cfgeeks] And Xen what happened?

Kevin Korb kmk at sanitarium.net
Mon Dec 17 17:32:20 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nooooo, port knocking is just an extra hassle in the name of security
through obscurity.  If your service is secure then port knocking isn't
needed and if your service is not secure it only protects you from
trivial botnet attacks.

- -- 
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
 	Kevin Korb			Phone:    (407) 252-6853
 	Systems Administrator		Internet:
 	FutureQuest, Inc.		Kevin at FutureQuest.net  (work)
 	Orlando, Florida		kmk at sanitarium.net (personal)
 	Web page:			http://www.sanitarium.net/
 	PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

On Mon, 17 Dec 2007, Gil Young wrote:

> Date: Mon, 17 Dec 2007 16:48:18 -0500
> From: Gil Young <gjyoung at cfl.rr.com>
> To: Central Florida Geeks <cfgeeks at mail.cfgeeks.org>
> Subject: Re: [cfgeeks] And Xen what happened?
> 
> Shawn McMahon wrote:
>> So what do you guys think of this idea:
>>
>> Beef up my Linux server as far as it will go on RAM.  Install Xen.  Add
>> OpenBSD as guest OS, giving it control of two of the NICs.  The host
>> Linux OS takes a third NIC.
>>
>> The OpenBSD box redirects inbound SSH traffic from the WAN to the Linux
>> box, and does the same on the LAN; the only way to get in is to log in
>> on a virtual interface on the Linux server.  This way I get the security
>> of Korb's setup, but save on power and cooling.
>>
> Add port knocking!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux)

iD8DBQFHZvj0VKC1jlbQAQcRAmerAKCEJibj6xVD1NyZBQq/omf0z46WpgCffy1W
1xOeB6SokqPMjzFPp9d3o2I=
=B6pL
-----END PGP SIGNATURE-----


