North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical


  • From: Austin Schutz
  • Date: Sat Apr 29 04:19:13 2000

On Fri, Apr 28, 2000 at 09:06:16PM -0700, Bora Akyol wrote:
> I don't think so.
> There is even a port of ssh to the Palm Pilot.
> In this day and age, I think that saying that encryption is expensive is a myth.
> Even if it were, I think the security that it buys you is well worth it.
> Also, most new(er) and high end routers out there should have more than enough
> processing power to handle ssh, no? I know ours does.

	But this is really a minor part of the issue, IMO. You have to
SSH in from somewhere...
	Are your NOC machines patched and secure? Does anyone log in to
these machines from home or the NANOG terminal room? Are _all_ of those
machines secure, not just _your_ machine(s)? Are you positive the people
watching your network when you are at home sleeping haven't done anything
dumb (e.g. run an exploitable irc client) from their own machines or the
"trusted" NOC machines? Are you sure your personnel don't use the same
password for TACACS that they use for their favorite MUD?
	I suspect it is more likely that the latest cracker weenie gained
access to a unix box in a key location rather than gaining some sort of
physical access to sniff passwords over the line.