[dba-Tech] SSL or SSH or Other?

Jim Lawrence accessd at shaw.ca
Mon Jul 22 17:37:03 CDT 2013


Hi Shamil:

According to an article from "Wired", NSA is actively working on being able to break certain ciphers, AES in particular and may even be considering banning other encryption schemes.

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

So any of your client's current security may be dated in their effectiveness. Note: as a country outside of continental US, you (Canada included) have no oversights and protections afforded by any legal system. Everyone will be profiled and in particular anyone who is politically active anywhere in the world. People may even be considered a low security risk but a security risk none the less.  
  
Jim    

----- Original Message -----
From: "Salakhetdinov Shamil" <mcp2004 at mail.ru>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Monday, July 22, 2013 1:17:29 PM
Subject: Re: [dba-Tech] SSL or SSH or Other?

 Hi Jim --

"Watch What You Say"! :) (see below)

>  in the age of PRISM this becomes so very important
It (VPN encryption) might soon become useless:

"The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)"
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 -- Shamil

Monday, July 22, 2013 11:28 AM -06:00 from Jim Lawrence <accessd at shaw.ca>:
>Hi Arthur:
>
>I am hardly an network expert but for secure connection across internet I would suggest a VPN type network. If done properly, staff with the appropriate usernames and passwords can connect in to business network through either standard or a specific dedicated address:port installed on the company's router. 
>
>There are a slew of VPN products out there with all sort of features and costs. I have one that is installed on my laptop which gives me full access to my entire network when I am on the road...it supports any protocol as its is only a tunnel, even RDP. 
>
>It is called OpenVPN ( http://openvpn.net/ ) and as my resource are limited the price is right. The product has clients for any OS but server end must be Linux based...not a problem for yourself as it runs fine on any version of Distro, that uses Debian. If the business wants their server end hosted it will cost $6.00 per connection per year (I am sure there are volume discounts). 
>
>I would recommend you set up your own in-house server as once setup properly it can left to its own devices as it just works. The beauty of hosting is that once a connection is established the client and server are directly linked, no third party intervention is needed. This is of course is great for security and in the age of PRISM this becomes so very important. 
>
>HTH
>Jim
<<< skipped >>>
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com



More information about the dba-Tech mailing list