Google: Difference between revisions

2,252 bytes added ,  4 years ago
Line 163:
 
== How can you establish secure connectivity to public cloud ==
*'''VPN tunnel'''
*'''How do you ensure High Availability for this?'''
*Webmin
*VNC? Encryption? Not by default, can be run inside SSH Tunnel; port 5900, 5901
Line 201:
*SSH Key based
Keys are used as the default method of authentication for SFTP Gateway.
 
How SSH keys work for authentication:
#An SSH key pair, which includes a public and private cryptographic key, is generated by a computer.
#The public key is stored on the server that you log into, while the private key is stored on your computer.
#When you attempt to log in, the server will check for the public key and then generate a random string and encrypt it using this public key. This encrypted message can only be decrypted with the associated private key.
#The server will send this encrypted message to your computer. Upon receipt of the message, your computer will decrypt it using the private key and send this message back to the server. If everything matches up, you’re good to go.
 
Pros:
*SSH keys can be up to 4096 bits in length, making them long, complex, and difficult to brute-force.
**These keys are typically at least 1024 bits long, which is the security equivalent of a password that is at least 12 characters.
*SSH keys aren’t human generated, so they avoid easy-to-guess values like “123456” or “password”.
*Unlike passwords, your private SSH key isn’t sent to the server.
**So even if malicious actors hack into the server, they still can’t access your account.
*An SSH connection can only come from the computer where the private key resides.
**With a password, by contrast, you can log in from any computer, even a shared desktop at your local library.
*You can add a password to your SSH key authentication (multi-factor authentication) to increase security even further.
 
Cons:
*The private key needs to be stored on the device with which you’re logging in.
**These devices can be lost or stolen, and hackers can gain access to the private key and eventually the server.
*SSH keys take a bit more work to set up.
**With passwords, a system administrator can assign initial usernames and passwords and distribute them to employees easily.
**Employees can change these passwords so that only they know what they are.
**The sysadmin will no longer have access to employees’ passwords.
**Distribution of public keys and education of staff on how to use SSH keys can be more cumbersome.
**If the sysadmin provides an employee with a private key, he still has access to said private key and can log into the employee’s account.
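
An added example (not from the original page or from SFTP Gateway): a standard-library Python audit that reads the modulus size out of <code>ssh-rsa</code> entries in an <code>authorized_keys</code> file, so keys at the 1024-bit end of the range mentioned under Pros can be found and rotated. The 2048-bit threshold, the function names and the sample lines (built around a made-up modulus, not usable keys) are assumptions.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the page

def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string/mpint encoding)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field in key blob")
    return blob[offset + 4:end], end

def rsa_key_bits(line):
    """Return the modulus size in bits of one 'ssh-rsa' authorized_keys line."""
    fields = line.split()
    idx = fields.index("ssh-rsa")  # options may precede the key type
    blob = base64.b64decode(fields[idx + 1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob type does not match the declared key type")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_RSA_BITS):
    """Return (last field of the line, bits) for each RSA key below min_bits."""
    weak = []
    for line in lines:
        fields = line.split()
        if line.lstrip().startswith("#") or "ssh-rsa" not in fields:
            continue  # blank line, comment, or a non-RSA key type
        bits = rsa_key_bits(line)
        if bits < min_bits:
            weak.append((fields[-1], bits))
    return weak

def _constructed_line(bits, comment):
    """Build a well-formed line around a made-up modulus (not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading 0 keeps mpint positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample input: one short key and one long key.
SAMPLE = [_constructed_line(1024, "old-laptop"), _constructed_line(4096, "workstation")]
```

Calling <code>audit(SAMPLE)</code> reports only the 1024-bit entry; on a real host, pass the lines of each account's <code>authorized_keys</code> file instead.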
 
== Re-Evaluate the design ==