This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Previous message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Next message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Suchy
danny at danysek.cz
Thu Jan 4 17:44:50 CET 2024
Hi, On 1/4/24 16:58, Gert Doering wrote: > Provide visibility, and enforce 2FA for all accounts hat have "interesting" > permissions (modify RPKI objects, transfer resources), at least. from this perspective, even maintainers (linked not only to SSO accounts; [1]) accounts are interesting asset. At least those linked to route/route6 and as-set objects. Deleting them can also cause a lot of operational damage, as filters are processed automatically according to IRR data at many places. And the maintainers are tied directly to all objects, there's no link back to the LIR portal. It's not only about RPKI-related objects. The problem is more complex from this point of view. Only the unwanted ROA modification pointed to it, but the same issue can occur with other kind of objects id DB. Transfers are better protected I think, as there's always some manual intervention (and legal authorization). - Daniel [1] https://apps.db.ripe.net/docs/Authorisation/Using-the-Authorisation-Methods/
- Previous message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
- Next message (by thread): [ncc-services-wg] Enforce 2FA for RIPE NCC Access account
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]