[28383] in North American Network Operators' Group
RE: ABOVE.NET SECURITY TRUTHS?
daemon@ATHENA.MIT.EDU (Greene, Dylan)
Fri Apr 28 17:07:04 2000
Message-ID: <7C06EA1D5AAAD311B4EB00508B550B99014F7A29@navexc01.and.navisite.com>
From: "Greene, Dylan" <DGreene@NaviSite.com>
To: "'Paul Froutan'" <pfroutan@rackspace.com>, rmeyer@mhsc.com
Cc: nanog@merit.edu
Date: Fri, 28 Apr 2000 17:04:05 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
Well, maybe from the router back to the tacacs server, but it's still
cleartext telnet to the router.
..dylan
| -----Original Message-----
| From: Paul Froutan [mailto:pfroutan@rackspace.com]
| Sent: Friday, April 28, 2000 4:46 PM
| To: rmeyer@mhsc.com
| Cc: nanog@merit.edu
| Subject: RE: ABOVE.NET SECURITY TRUTHS?
|
|
|
| I don't think you can. However, I use TACACS on all my switches and
| routers. From what I know, TACACS passwords are encrypted
| using the key on
| your network devices and the TACACS server. So, that, in
| combination with
| a private management LAN not accessible by your customers
| should lock down
| your network pretty effectively. Any comments?
|
| At 4/28/00 -0700, you wrote:
|
| > > Exiled Dave
| > > Sent: Friday, April 28, 2000 1:10 PM
| >
| > > Lets think about this, cisco in no way has such a flaw
| > > that would allow someone to 'root' and erase all the
| > > info on switches. The password was sniffed.
| >
| >Can one setup SSH on a Cisco 6509?
|
| Paul Froutan Email:
| pfroutan@rackspace.com
| Rackspace, Ltd <http://www.rackspace.com>
|
|
