[RADIATOR] Password/certificate security seems next to none on Radiator server
Christian Kratzer
ck-lists at cksoft.de
Sat Oct 3 08:08:26 CDT 2015
Hi,
On Fri, 2 Oct 2015, Nadav Hod wrote:
> Yes but as I mentioned in the original post, I suggested to access these stores over a network share. These really shouldn't be local, afterall the certificates can be loaded into memory and passwords can also be loaded into memory. The share can be secured behind firewall (including different security modules) and domain-level security. Most SMB's and enterprises already have these in place. Keeping things local is bad practice for several reasons.
>
you are free to implement this any way you like as Tuure pointed out a couple of posts back if you think it adds value in your specific setup.
This thread is going nowhere.
Can we please end it here.
Greetings
Chrsitian
> ________________________________________
> From: Nick Lowe [nick.lowe at lugatech.com]
> Sent: Friday, October 02, 2015 5:52 PM
> To: Nadav Hod
> Cc: Tuure Vartiainen; radiator at open.com.au
> Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server
>
> Nadav,
>
> You're just obfuscating by doing this as the RADIUS server still have
> to get access to those things. Security through obscurity really
> doesn't exist. It is a complete waste of time in my opinion.
>
> You have to reply on encryption of the backing storage and OS security
> primitives with administrative best practice to do this properly.
> There is no other way.
>
> Once somebody owns a box, all bets are off.
>
> Regards,
>
> Nick
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
--
Christian Kratzer CK Software GmbH
Email: ck at cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
More information about the radiator
mailing list