Google: Difference between revisions
Line 163:
== How can you establish secure connectivity to public cloud ==
*VPN tunnel
*How do you ensure High Availability for this?
*Webmin
*VNC? Encryption? Not by default, but it can be run inside an SSH tunnel; ports 5900, 5901
SSH? Using Key? Using Password?
*RDP? Encryption? Yes, it can be encrypted; port 3389
RDP? Encryption? Yes can be encrypted
*SSH Username-Password
SSH + DynDNS
Password authentication is used by users.
It is the username and password combination that you use to log in to your SFTP server.
When you try to log in, the server checks whether your username and password are both correct and, if so, approves your request.

Pros:
Convenience for users.
Easily remembered.
If web login is possible, browsers can auto-fill these fields.
Everyone knows how to log in using passwords.
Administrators can increase security by creating policies such as:
- Locking the system after 5 retries
- Requiring a certain number of capital letters, numbers, and symbols in the password
- Forcing users to reset their passwords periodically

Cons:
It is human nature for people to create passwords that are easily remembered.
Simple passwords make these accounts extremely susceptible to intrusion.
If these simple passwords are used across multiple apps, the potential for a breach increases massively.
Usernames and passwords have to be transmitted directly to the server being logged into, which makes this method more prone to hacking.
You can mistakenly log into the wrong server or website, and now that server or website has your password.
Hackers love making clones of popular websites to scam users out of their login credentials.
Companies could store your password in clear text in their database.
Their system administrators can see your password at any time, and if hackers break in, they can see your password as well.
Even if the password is salted and hashed, a hacker who steals all the password hashes could brute-force them offline and then check whether you used that same password for other apps and websites.
Employees may get frustrated by password policies set by IT administrators to increase security.

*SSH Key based
Keys are used as the default method of authentication for SFTP Gateway.
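
To check which of the two SSH login methods above a server actually allows, the following added example (not part of the original page and not SFTP Gateway code) reads an OpenSSH `sshd_config` and reports whether password login is still enabled. The sample configs are constructed, and `MaxAuthTries` is used as the closest sshd setting to the retry policy above: it limits attempts per connection and does not lock an account.

```python
import re

# Constructed sample config (not from the page): password login left on.
SAMPLE_WEAK = """\
Port 22
PasswordAuthentication yes
MaxAuthTries 10
Match User backup
    PasswordAuthentication no
"""

# Constructed sample config: key-only login.
SAMPLE_KEYS_ONLY = """\
PasswordAuthentication no
MaxAuthTries 3
# A later duplicate is ignored: sshd uses the first value it reads.
passwordauthentication yes
"""

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "maxauthtries": "6"}

def effective_settings(text):
    """Global settings: first value per keyword, read up to the first Match block."""
    # Simplification: Include files, Match overrides and keyboard-interactive
    # (PAM) password prompts are not evaluated.
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **{k: v for k, v in seen.items() if k in DEFAULTS}}

def audit(text, max_tries=5):
    s = effective_settings(text)
    checks = [
        (s["passwordauthentication"] != "no", "password login enabled"),
        (s["pubkeyauthentication"] != "yes", "public-key login disabled"),
        (int(s["maxauthtries"]) > max_tries,
         f"MaxAuthTries {s['maxauthtries']} exceeds {max_tries}"),
    ]
    return [msg for failed, msg in checks if failed]
```
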

== Re-Evaluate the design ==