Discuss mailing list

[Mario Rodriguez <admin AT bambusoft.com>]

Hi Simon:

Totally agree with you..., security is the main reason for (as I remark) "...root access is not an option..."
And when i mean "...audited by other T1 operator..." I ment he/she can interact with the server sending DNS requests to check responses, performance and security and I will give all the necessary feedback and config and/or log file parts needed by test requests...

I will not give access to the server neither as user or root.

On 01/05/2014 11:45 a.m., Simon wrote:

On 05/01/14 16:49, Mario Rodriguez wrote:

About gp AT gparent.net concerns
The server is not dedicated to opennic activities only, so, root access
is not an option. But, I'm open to be audited by other T1 operator, If
any of you have any suggestion about how to accomplish this i will
appreciate.

As presumably experienced sysadmins, would you really give root access
to your boxes to someone else who you only know online?

Generally, root should be protected. Surely, in terms of safeguarding
the OpenNIC infrastructure, everything that could be done with root
access can be achieved another way without accessing the server at all.
People (or their personal password store) can be compromised just as
systems can and a compromised person with root access to your systems is
arguably more of a risk than the risk you're trying to prevent.

Simon

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org