North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IT security people sleep well

  • From: Eric Kuhnke
  • Date: Thu Jun 03 17:20:21 2004


I liked this quote,

  About 43% of respondents said they're using the Secure Shell (SSH)
  protocol to protect data, secure remote access, and perform network
  management. But while the current SSH2 is considered to be
  significantly more secure, nearly 45% said they are continuing to
  mostly use the older SSH1 protocol. A cause for greater concern,
  according to the surveyors, is that 54.9% said they continue to
  configure their network devices via Telnet, which is known by
  network security experts to be severely vulnerable to intruders
  because it sends data as clear text and offers only weak password
  authentication.
The part about Telnet is truly scary... Among people who have "clue", the biggest reason I have heard to continue running ssh1 is for emergency access via hand-held smartphones or other pocket sized devices. The Handspring Treo 180 and similar keyboarded cellphone-pda devices don't have the CPU power necessary for a SSH2 key exchange, unless I'm drastically mistaken about the FPU abilities of a 33 MHz Motorola Dragonball...