[CentOS] duqu

Lamar Owen lowen at pari.edu
Wed Dec 7 11:54:52 UTC 2011


On Wednesday, December 07, 2011 05:48:24 AM Adam Tauno Williams wrote:
> *DISABLE* password authentication on public-facing [and preferably all]
> servers.  Isn't that securing a server rule#1?

Interestingly enough, there are vulnerability scanning tools out there that will flag the lack of a password prompt as indicating that no password is required... one such tool, which I can't name, is very popular in the PCI-DSS compliance industry.

In my particular case, I was able to convince the person running the scan that ssh with key-based security was better than passwords; but I could see where others would not be swayed, and would insist that having a password prompt is more secure... (of course, that somewhat ignores how key-based auth works, but when you are just reading the scan tool's output and taking it as fact...)
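As an added example, not part of the thread: a small POSIX shell check that reads an sshd_config the way sshd does (keywords case-insensitive, first occurrence wins, default "yes" when the line is absent) and reports whether password logins are still allowed. The two config files are constructed samples; it only inspects the global section and ignores Match blocks.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): decide whether an
# sshd_config still permits password logins. sshd treats keywords as
# case-insensitive, honours only the FIRST occurrence of a keyword, and
# defaults PasswordAuthentication to "yes" when the line is missing or
# commented out. Match blocks are ignored here (assumption: global section
# is what the assessor is reading).

# Returns 0 (true) when password auth is enabled, 1 when it is disabled.
password_auth_enabled() {
    file="$1"
    val=$(awk '
        tolower($1) == "match" { exit }            # stop at first Match block
        tolower($1) == "passwordauthentication" && !found {
            found = 1; print tolower($2)           # first occurrence wins
        }' "$file")
    [ "${val:-yes}" = "yes" ]
}

# Constructed sample configs, not real files.
WEAK=$(mktemp); HARDENED=$(mktemp)
cat > "$WEAK" <<'EOF'
# Stock-style config: the line is commented out, so the default (yes) applies
#PasswordAuthentication yes
ChallengeResponseAuthentication yes
EOF
cat > "$HARDENED" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive (PAM) must also be off, or passwords still work via PAM
ChallengeResponseAuthentication no
# A later duplicate is ignored by sshd because the first occurrence wins
PasswordAuthentication yes
EOF

# Human-readable verdict: what the scan output above fails to tell you.
report() {
    if password_auth_enabled "$1"; then
        echo "$1: password authentication ENABLED"
    else
        echo "$1: password authentication disabled (key-based only)"
    fi
}
report "$WEAK"
report "$HARDENED"
```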
