From owner-freebsd-security Tue Oct 2 13:29: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from as.astro.su.se (as.astro.su.se [130.237.166.29]) by hub.freebsd.org (Postfix) with SMTP id 77DCE37B405 for ; Tue, 2 Oct 2001 13:28:57 -0700 (PDT) Received: (qmail 9309 invoked by alias); 2 Oct 2001 20:28:55 -0000 Received: (qmail 9302 invoked from network); 2 Oct 2001 20:28:55 -0000 Received: from dioscuri.astro.su.se (130.237.166.114) by as.astro.su.se with SMTP; 2 Oct 2001 20:28:55 -0000 Received: (from alex@localhost) by dioscuri.astro.su.se (8.9.1b+Sun/8.9.1) id WAA22896; Tue, 2 Oct 2001 22:28:52 +0200 (MET DST) Date: Tue, 2 Oct 2001 22:28:52 +0200 (MET DST) From: Alexey Koptsevich To: security@freebsd.org Subject: access from monitoring host Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, There is a discussion about ways of access from centralized monitoring host at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html Except for its network traffic, NFS is the least visible method - allowing you to monitor the filesystems on each client box virtually undetected. If your limited-access server is connected to the client boxes through a switch, the NFS method is often the better choice. If your limited-access server is connected to the client boxes through a hub, or through several layers of routing, the NFS method may be too insecure (network-wise) and using ssh may be the better choice even with the audit-trail tracks that ssh lays. I dp not understand, why access method should be different in cases when monitoring host is behind the switch or connected through the hub? Thanks, Alex PS Please cc: me your reply. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message