[70991] in North American Network Operators' Group
Re: IT security people sleep well
daemon@ATHENA.MIT.EDU (Eric Kuhnke)
Thu Jun 3 17:18:35 2004
Date: Thu, 03 Jun 2004 13:16:44 -0700
From: Eric Kuhnke <eric@fnordsystems.com>
To: nanog@merit.edu
In-Reply-To: <40BF6CF5.3080401@globalstar.com>
Errors-To: owner-nanog-outgoing@merit.edu
> I liked this quote,
>
> About 43% of respondents said they're using the Secure Shell (SSH)
> protocol to protect data, secure remote access, and perform network
> management. But while the current SSH2 is considered to be
> significantly more secure, nearly 45% said they are continuing to
> mostly use the older SSH1 protocol. A cause for greater concern,
> according to the surveyors, is that 54.9% said they continue to
> configure their network devices via Telnet, which is known by
> network security experts to be severely vulnerable to intruders
> because it sends data as clear text and offers only weak password
> authentication.
The part about Telnet is truly scary... Among people who have "clue",
the biggest reason I have heard to continue running ssh1 is for
emergency access via hand-held smartphones or other pocket sized
devices. The Handspring Treo 180 and similar keyboarded cellphone-pda
devices don't have the CPU power necessary for a SSH2 key exchange,
unless I'm drastically mistaken about the FPU abilities of a 33 MHz
Motorola Dragonball...
