× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On Fri, Apr 23, 2010 at 14:57, Jim Oberholtzer <midrangel@xxxxxxxxxx> wrote:
It's reasonable to point out that security is another factor in using a
host table. ÂFor instance if you regularly move data (in any method)
between your system and the bank or trusted trading partners one of the
methods bad guys use to get into the middle is to hijack the DNS entry.
Having your own address resolution for sensitive connections is not a
bad idea. ÂStops that practice cold.

This is a not a good argument, since any sensitive data transfer will
already be secured by either SSL/TLS or SSH, and if not the host table
is going to keep the data more secure than it already is.

Also, DNSSEC will prevent DNS spoofing. It's widely deployed in
corporations yet though, and as of V6R1, the IBM i resolver doesn't do
DNSSEC yet, though if stuck behind a trusted DNSSEC-capable resolver
(e.G. WS08R2 or a current version of BIND) it will be protected.

When I travel, I always put the sensitive addresses in my host file on
my laptop so I know I am connecting to the correct place regardless of
what DNS might say, since I don't know the DNS provider etc.

You also don't know who runs your IP connections, so the fixed IP
address you have might not connect you to the host you think you're
connecting.

Paranoid, maybe, Âgood practice, I would allow debate, however many
auditors seem to think it's a good idea.

The main issue i see with it that it doesn't work and doesn't protect
you from anything. As such it's just paranoid and certainly not a good
practice.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.