Changes between Version 2 and Version 3 of ssh_security_policy


Ignore:
Timestamp:
May 6, 2008, 1:03:37 PM (12 years ago)
Author:
Daniel Kahn Gillmor
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ssh_security_policy

    v2 v3  
    1111 * All MFPL root administrators secure their private key with a password and only save them non-shared computers with encrypted disks.
    1212
    13  * Root access is not available via sudo. Root is only available via ssh as root or by ssh'ing into the [wiki:telehouse_serial_access serial console server] and logging in with the username and password. Rationale: sudo is useful because it allows users to work as a non-privileged user and execute select commands as root. That cuts down on mistakes that can have disastrous consequences. However, it also makes each server only as secure as the non-privileged user.
     13 * Root access is not available via sudo. Root is only available via ssh as root or by ssh'ing into the [wiki:telehouse_serial_access serial console server] and logging in with the username and password. Rationale: sudo is useful because it allows users to work as a non-privileged user and execute select commands as root. That cuts down on mistakes that can have disastrous consequences. However, it also makes each server only as secure as the least-secure non-privileged account on that server. `sudo` ''is'' useful for allowing fine-grained, constrained elevated permissions for users who otherwise might not be able to take certain actions on their own (e.g. creating databases, restarting certain daemons, etc)
    1414
    1515 * All ssh keys used for root access are minimally 2048 bits in length
     
    1717 * May First/People Link conducts an annual audit to check in with all users with root access and ensure that they these policies are being followed and review that all users with root access know they have root access, still want root access, and it makes sense for the organization for them to have root access.
    1818
    19  * Password files and ssh keys are only backed up to servers with adequate (what is adequate security?) security
     19 * Password files and ssh keys are only backed up to servers with adequate security (what is adequate security?)