[28387] in North American Network Operators' Group


RE: ABOVE.NET SECURITY TRUTHS?

daemon@ATHENA.MIT.EDU (Greene, Dylan)
Fri Apr 28 17:24:29 2000

Message-ID: <7C06EA1D5AAAD311B4EB00508B550B99014F7A2A@navexc01.and.navisite.com>
From: "Greene, Dylan" <DGreene@NaviSite.com>
To: "'Paul Froutan'" <pfroutan@rackspace.com>, rmeyer@mhsc.com
Cc: nanog@merit.edu
Date: Fri, 28 Apr 2000 17:10:23 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu



Maybe I should read the entire message before responding.. hehe.. =)

A switched private management LAN resolves the cleartext problem.

SSH version 1 is apparently supported in 12.0 as well (never played w/ it,
so dunno how well it works);

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s5/sshv1.htm

..Dylan 

| -----Original Message-----
| From: Paul Froutan [mailto:pfroutan@rackspace.com]
| Sent: Friday, April 28, 2000 4:46 PM
| To: rmeyer@mhsc.com
| Cc: nanog@merit.edu
| Subject: RE: ABOVE.NET SECURITY TRUTHS?
| 
| 
| 
| I don't think you can.  However, I use TACACS on all my switches and
| routers.  From what I know, TACACS passwords are encrypted using the
| key on your network devices and the TACACS server.  So, that, in
| combination with a private management LAN not accessible by your
| customers should lock down your network pretty effectively.  Any
| comments?
| 
| At 4/28/00 -0700, you wrote:
| 
| > > Exiled Dave
| > > Sent: Friday, April 28, 2000 1:10 PM
| >
| > > Let's think about this, Cisco in no way has such a flaw
| > > that would allow someone to 'root' and erase all the
| > > info on switches. The password was sniffed.
| >
| >Can one set up SSH on a Cisco 6509?
| 
| Paul Froutan                         Email: pfroutan@rackspace.com
| Rackspace, Ltd                       <http://www.rackspace.com>
| 
| 

