[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SSH Update
Folks, Just came across an article which talks about SSH being updated – specifically to focus on key management. A key quote from the article: “The IETF draft standard describes a process "for discovering who has access to what, bringing an existing IT environment under control with respect to automated access and SSH keys." It says "the process includes moving authorised keys to protected locations, removing unused keys, associating authorised keys with a business process or application and removing keys for which no valid purpose can be found, rotating existing keys, restricting what can be done with each authorised key, and establishing an approval process for new authorised keys." It's all part of what's supposed to be continuous monitoring and authorised key setup.” RFC Draft: http://www.ietf.org/id/draft-ylonen-sshkeybcp-01.txt Perhaps a good candidate for use-case construction/enumeration? Thanks, Bob Robert Burns Security Principal THALES Information Systems Security Phone: 954.888.6215 |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]