|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SSH on the router - was( IT security people sleep well)
> Date: Mon, 7 Jun 2004 11:39:57 +0100 > From: [email protected] > Consider the case of a staff member lounging in the backyard on > a lazy Saturday afternoon with their iBook. They have an 802.11 > wireless LAN at home so they telnet to their Linux box in the > kitchen and run SSH to the router. Ooops! I see. SSH doesn't solve all problems, and therefore must be worthless. Now let's look at kerberized telnet. Someone logs in via kerberized telnet over an insecure network, then decides to change his/her password. Oops. Someone could screw up OTP SSH+KRB5 logins over IPSec if using a compromised box with a keylogger installed. Does that mean each of these technologies is worthless? > The only way to protect against that sort of situation is to > encourage everyone to be security-minded and not take risks > where the network is concerned. Definitely. Alas, I'm seeing more "it won't happen to me" than in the past. It's almost as if the "logic" is "I hear more about this, but haven't noticed anything awful, and therefore must be invincible." Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : [email protected] -or- [email protected] -or- [email protected] Sending mail to spambait addresses is a great way to get blocked.
|