[71050] in North American Network Operators' Group
Re: IT security people sleep well
daemon@ATHENA.MIT.EDU (Henning Brauer)
Mon Jun 7 12:13:18 2004
Date: Mon, 7 Jun 2004 18:11:26 +0200
From: Henning Brauer <hb-nanog@bsws.de>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <6.0.3.0.2.20040606214404.06364ec0@mail.tellurian.com>
Errors-To: owner-nanog-outgoing@merit.edu
* Robert Boyle <robert@tellurian.com> [2004-06-07 14:08]:
> I really truly don't see the problem with plaintext telnet
> management of routers.
It is exactly this belief in the security of your networks that gets
this industry in so deep shit.
ever heard of multilayer security?
some little problem somewhere that allows an attacker to sniff your
telnet traffic and you are d00med. that might be as simple as a routing
fuckup.
You lose nothing with using ssh instead of telnet.
You win a lot.
ssh is a basic component for secure network management.
it is not the one magic piece that turns a collection of crap into an
ubersecure network of course, as some people seem to imply.
not seeing the problem with cleartext telnet for remote logins in 2004,
whether ACL'd or not, is just ... oh man, I don't have words for this.
--
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)