[CentOS] defense-in-depth possible for sshd?

Marc Deop damnshock at gmail.com
Fri Jan 13 09:51:19 UTC 2012


On Thursday 12 January 2012 18:56:04 Bennett Haselton wrote:
> Or is there a reason that an exploit against OpenVPN would be less 
> powerful than an exploit against sshd?

Not really.

The thing is that the tools are there but you have to use them *CORRECTLY*

The OpenVPN server and the SSH server you are trying to access should be in *different* machines. Like web servers, app servers and databases are separete:

http server
      |
	|
	|
app server
	|
	|
	|
mysql server

Same structure works for openvpn and ssh ;)

Regards







More information about the CentOS mailing list