[71040] in North American Network Operators' Group
Re: IT security people sleep well
daemon@ATHENA.MIT.EDU (Daniel Senie)
Sun Jun 6 20:39:48 2004
Date: Sun, 06 Jun 2004 20:38:49 -0400
To: nanog@merit.edu
From: Daniel Senie <dts@senie.com>
In-Reply-To: <Pine.LNX.4.60.0406060549500.5088@fogarty.jakma.org>
Errors-To: owner-nanog-outgoing@merit.edu
At 12:50 AM 6/6/2004, Paul Jakma wrote:
>On Sat, 5 Jun 2004, Mike Lewinski wrote:
>
>>And that provides protection against MITM attacks how?
>
>kerberised telnet can be encrypted (typically DES - sufficient to guard MITM).

Am I the only one who really likes devices to handle their own login
authentication? I've had more than one occasion to need to get into and
manage a device when the link between the device and anything resembling an
authentication server is toast, and the reason I'm bothering to talk to the
device in the first place?

Yes, terminal servers can be an answer. But SSH can be a perfectly good
path in across whatever link(s) are still functional.

Even an inexpensive managed layer 2 switch I installed recently for a
client had decent ssh support (yes, it supported other methods of
authentication too, including the use of server-based authentication).