Reply to post: Re: Securing the Perimeter

Wanna protect your data center? Take tips from the US Secret Service

tom dial Silver badge

Re: Securing the Perimeter

Our (USDoD) data center did not allow end to end encryption, as they required (and used) the capability to scan all traffic entering or leaving the premises. This started after a remote user's account was compromised and used to upload malware that, as I understood it, affected a major application quite seriously. Those of us already using SSH to internal hosts were not forced immediately to stop, partly because telnet and ftp were disallowed on principle, but ultimately had to switch to out-of-band access using a VPN that terminated at a premise gateway.

In an ideal situation, multiple factor authentication and end-to-end encryption may be suitable, but situations usually are less than ideal. DISA centers typically support thousands of external users and systems, not all of them subject to DoD control.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020