CAcert System Admins discussion list

[Mendel Mobach <cacert AT leercoden.nl>]

On Mar 26, 2009, at 8:50 PM, Ian G (Audit) wrote:

> On 25/3/09 22:46, Mendel Mobach wrote:
> > Hello everybody,
> >
> > does someone on this list have sufficient technical objections  
> > against
> > the following setup:
>
> Maybe I read this too quickly, but I was unable to figure out what  
> the purpose of the setup is.

There are multi purposes here:

For the bigger picture:
* Create real virtual machines so we can move them 'easy' if we switch  
hardware.
* Create a scalable setup without too much changes from the current  
setup.
* Prepare for the future. IPv6, diffent security level networks, etc...

For instant 'now':
* Provide a more secure way of knowing who is logging in and is doing  
what on what server
  (Yes nobody can tell who did what on what server, which is  
definitely bad!).
* Decrease the usage of (breakable) passwords
* Store some logging
  (Debug logs from every kernel are probably not interresting)

> ( Security being of course very integrated with and dependent on the  
> application, without an application it is perfectly secure :)

remote root access. And for once: Let's keep the hardware separated  
from the 'users'.

And if the setup proofs to be sufficient and easy enough we could use  
maybe for other services.

That's *not* a problem we need to fix right now, other services do log.

http://wiki.cacert.org/wiki/SecurityManual#Logging does request this  
kind of service for example.

Kind Regards,

Mendel Mobach

Attachment: smime.p7s
Description: S/MIME cryptographic signature