CAcert System Admins discussion list

["Ian G (Audit)" <iang AT cacert.org>]

On 26/3/09 21:13, Mendel Mobach wrote:
> On Mar 26, 2009, at 8:50 PM, Ian G (Audit) wrote:
>
> > On 25/3/09 22:46, Mendel Mobach wrote:
> > > Hello everybody,
> > >
> > > does someone on this list have sufficient technical objections against
> > > the following setup:
> >
> > Maybe I read this too quickly, but I was unable to figure out what the
> > purpose of the setup is.
>
> There are multi purposes here:
>
> For the bigger picture:
> * Create real virtual machines so we can move them 'easy' if we switch
> hardware.
> * Create a scalable setup without too much changes from the current setup.
> * Prepare for the future. IPv6, diffent security level networks, etc...


They look like advantages rather than purposes to me.

> For instant 'now':
> * Provide a more secure way of knowing who is logging in and is doing
> what on what server
> (Yes nobody can tell who did what on what server, which is definitely
> bad!).
> * Decrease the usage of (breakable) passwords

Hmm, I though there was something in SP about no passwords ... but I 
won't look now as it might destroy the thread of the conversation :)

> * Store some logging
> (Debug logs from every kernel are probably not interresting)


Again, more advantages,


> > ( Security being of course very integrated with and dependent on the
> > application, without an application it is perfectly secure :)
>
> remote root access.


OK, I'm not making myself clear.  What I wanted to know is what 
*applications* are going on these machines, and whether these are 
*critical* or *infrastructure* .  In particular, are we talking about 
the signing app, the critical user database, the frontend CA application 
or the other related critical parts living on a virtual server / host?

Or are you talking about the logging server, being separate from the above?

Or, does "remote root access" mean this is for the hop-server, the 
server where sysadms connect into before ssh-ing to the critical servers 
and/or the console access?

iang

> And for once: Let's keep the hardware separated from
> the 'users'.
>
> And if the setup proofs to be sufficient and easy enough we could use
> maybe for other services.
>
> That's *not* a problem we need to fix right now, other services do log.
>
> http://wiki.cacert.org/wiki/SecurityManual#Logging does request this
> kind of service for example.
>
> Kind Regards,
>
> Mendel Mobach

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature