
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
CHAPTER 4
Secure Remote Administration
Your server is bastionized, it resides in a firewall-protected DMZ network, and its
services are fully patched and configured for optimal security. You’ve just installed it
in a server room, which is monitored by surly armed guards and accessible only after
peering into a retinal scanner and submitting to a body cavity search. Not that you
plan to visit the system in person, though; it’ll be no problem to perform your
administrative duties from the comfort of your office, thanks to good old Telnet.
What’s wrong with this picture?
Why It’s Time to Retire Cleartext Admin Tools
TCP/IP network administration has never been simple. And yet, many of us remember
a time when connecting a host to “the network” meant one’s local area network
(LAN), which itself was unlikely to be connected to the Internet (originally the
almost exclusive domain of academia and the military) or any other external
network.
Accordingly, the threat models that network and system administrators lived with
were a little simpler than they are now: external threats were of much less concern
then. Which is not to say that internal security is either simple or unimportant; it’s
just that there’s generally less you can do about it.
In any event, in the old days, we used ...