Secure network

Michael Gale michael.gale at utilitran.com
Wed Feb 11 21:45:33 CET 2004


Sorry ... I should have said that our Nagios machine is available only on the
internal network.

I totally agree with Jeff ... if you have paying customers you should have a
cert signed by a public trusted CA.

Michael

On Wed, 11 Feb 2004 14:20:34 -0600
jeff vier <jeff.vier at tradingtechnologies.com> wrote:

> On Wed, 2004-02-11 at 14:02, Michael Gale wrote:
> > What? So I have an internal CA ... the web server only trusts this CA. All
> > clients which require access have to have a cert signed by the CA.
> > Now you are saying that if someone steals the private key they can sign
> > certs. If someone has this type of access ... I think that having my stolen
> > private key would not be the only problem?
> 
> Well, yes.  But you would be surprised at how much is 're-used' after
> rebuilding a cracked system.
> 
> > So how is this different than using a trusted CA? I am not self-signing my
> > certs. I have a CA set up inside and the web server cert is signed by that
> > CA.
> 
> Because, if I'm a paying client, for instance, and you're housing
> sensitive information about me and my systems, *I* don't know that your
> CA cert is 'good'.
> 
> > Sure the internal clients have to import a cert signed by it and import the
> > CA into their browsers.
> > But once that CA is imported, how is it less secure than a VeriSign-signed cert?
> 
> If it's purely internal, I don't think it matters as much.  But you
> didn't say that before :) (and the grandparent post wasn't specific,
> either - just 'how secure is Nagios?')
> 
> > If a web server is only being accessed by a few company employees to view
> > system status and monitoring, paying for a cert signed by a "trusted CA" is
> > not worth it.
> 
> Agreed. (if a VPN connection is not an option and the person *has* to
> see the GUI)
> 
> > Why don't we just suggest that Nagios only be viewable over a VPN connection?
> 
> That's what I would recommend, yes.
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation

