--On 07 June 2004 11:10 -0700 Randy Bush <randy@psg.com> wrote:
It makes more sense to funnel everything through secure gateways and then use SSH as a second level of security to allow staff to connect to the secure gateways from the Internet. Of course these secure gateways are more than just security proxies; they can also contain diagnostic tools, auditing functions, scripting capability, etc.
and all the other things single points of failure need. like pixie dust, chicken entrails, ...
Where did the word "single" come from, given he had an "s" on gateways? Replicate them across POPs.

Having lots of routers accessible from a small number of machines, which are (relatively) widely accessible but can be firewalled to hell, seems a better option than having lots of routers accessible from a large number of machines (esp. ones outside one's own administrative domain, e.g. home machines).

YMMV. [no I don't think they need the other pixie dust stuff on though]

Alex