North American Network Operators Group


Re: telnet vs ssh on Core equipment , looking for reasons why ?

  • From: Jared Mauch
  • Date: Tue Jul 31 12:25:49 2001

	Using ssh or some other form of encryption to connect
to your routers is the best thing to do to avoid insecurity.

	The real question becomes ensuring good security practices
by the user of ssh to connect to the system.

	Some good practices but not necessarily requirements:

	1) restricting the set of hosts by which one can connect
with ssh so evil.user.example.com doesn't connect.
	2) ensuring good password security (including the use of SecurID
or some similar technology to prevent someone from standing
over your keyboard).
	3) Having sufficient security on your oob equipment
to prevent some kiddy that gets unlimited local calls from
finding your modem.  (There are various technologies that can be used
here from caller-id to touch-tone password systems to secure your
devices).
	4) tacacs logging on your equipment that supports it.
	5) Use some config versioning system to detect changes
to configs and archive them.  This aids in the "who removed
X route" stuff.  This allows you to audit tacacs.log as well
as get diffs of the router configs when the change is made.

	I'm sure someone could write a BCP or something like that for
operating an internet-connected network as far as securing your
device(s).

	- Jared

On Tue, Jul 31, 2001 at 09:23:58AM -0400, Mr. James W. Laferriere wrote:
> 
> 
> 	Hello All ,  I have charged myself with trying to find a statistic
> 	on how many individuals responsible for IP core equipment
> 	recommend telnet or ssh & why particularly .  I will summarize .
> 		Tia ,  JimL
> 
>        +------------------------------------------------------------------+
>        | James   W.   Laferriere | System    Techniques | Give me VMS     |
>        | Network        Engineer |     P.O. Box 854     |  Give me Linux  |
>        | [email protected] | Coudersport PA 16915 |   only  on  AXP |
>        +------------------------------------------------------------------+

-- 
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
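Item 5 in Jared's list (archive configs, diff them on change, and join the diff against tacacs.log to answer "who removed X route") is the kind of thing a small script can do. The following is an added example, not code from the original post or from any NANOG participant. The two config snapshots and the TACACS+ accounting lines are constructed, and the accounting line format (timestamp, NAS, user, tty, source, `cmd=...`) is an assumption; real daemons log in several formats and the regex would need adjusting.

```python
"""Snapshot-and-diff audit of a router config, correlated with TACACS+ accounting.

Added example, not from the original NANOG post. The configs and log lines are
constructed; the TACACS+ accounting format is an assumption (daemon formats vary).
"""
import difflib
import re

# --- constructed sample data: archived snapshot vs. current running config ---
PREVIOUS_CONFIG = """\
hostname core1
ip route 192.0.2.0 255.255.255.0 198.51.100.1
ip route 203.0.113.0 255.255.255.0 198.51.100.1
line vty 0 4
 transport input ssh
"""

CURRENT_CONFIG = """\
hostname core1
ip route 192.0.2.0 255.255.255.0 198.51.100.1
line vty 0 4
 transport input telnet ssh
"""

# Constructed TACACS+ command-accounting lines (format assumed):
# <timestamp> <nas> <user> <tty> <source> stop task_id=N service=shell cmd=<command>
TACACS_LOG = """\
Jul 31 11:58:02 198.51.100.7 alice tty66 10.0.0.5 stop task_id=41 service=shell cmd=no ip route 203.0.113.0 255.255.255.0 198.51.100.1
Jul 31 11:58:40 198.51.100.7 alice tty66 10.0.0.5 stop task_id=42 service=shell cmd=transport input telnet ssh
Jul 31 12:03:11 198.51.100.7 bob tty67 10.0.0.9 stop task_id=43 service=shell cmd=show ip route
"""

ROUTE_RE = re.compile(r"^ip route (\S+ \S+ \S+)")
TACACS_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<nas>\S+) (?P<user>\S+) (?P<tty>\S+) "
    r"(?P<src>\S+) .*?cmd=(?P<cmd>.*)$"
)


def config_diff(old: str, new: str) -> list:
    """Unified diff between the archived and current config (the 'get diffs' step)."""
    return list(difflib.unified_diff(
        old.splitlines(), new.splitlines(),
        fromfile="archive/core1.cfg", tofile="current/core1.cfg", lineterm=""))


def _static_routes(cfg: str) -> set:
    """Set of 'prefix mask next-hop' strings from 'ip route' lines."""
    return {m.group(1) for m in map(ROUTE_RE.match, cfg.splitlines()) if m}


def removed_routes(old: str, new: str) -> list:
    """Static routes present in the archive but missing from the current config."""
    return sorted(_static_routes(old) - _static_routes(new))


def telnet_enabled(cfg: str) -> bool:
    """True if any vty 'transport input' line accepts telnet, the cleartext option."""
    return any(
        line.strip().startswith("transport input") and "telnet" in line.split()
        for line in cfg.splitlines())


def parse_tacacs(log: str) -> list:
    """Parse accounting lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(TACACS_RE.match, log.splitlines()) if m]


def who_ran(records: list, fragment: str) -> list:
    """Users whose accounted command contains `fragment` (e.g. a removed route)."""
    return [r["user"] for r in records if fragment in r["cmd"]]


def audit(old: str, new: str, log: str) -> dict:
    """Join the config diff with accounting to answer 'who removed X route'."""
    records = parse_tacacs(log)
    telnet_now = telnet_enabled(new)
    return {
        "diff": config_diff(old, new),
        "removed_routes": {r: who_ran(records, r) for r in removed_routes(old, new)},
        "telnet_enabled": telnet_now,
        "telnet_enabled_by": who_ran(records, "transport input telnet") if telnet_now else [],
    }


if __name__ == "__main__":
    result = audit(PREVIOUS_CONFIG, CURRENT_CONFIG, TACACS_LOG)
    print("\n".join(result["diff"]))
    for route, users in result["removed_routes"].items():
        print(f"route {route} removed by {users or 'unknown (no accounting match)'}")
    if result["telnet_enabled"]:
        print("WARNING: telnet accepted on a vty, enabled by", result["telnet_enabled_by"])
```

The route check is deliberately a set difference on normalized `ip route` lines rather than a textual diff, so a reordered config does not raise a false alarm; the telnet check flags exactly the regression the thread is about, a vty that went from ssh-only back to accepting cleartext logins.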