nanog mailing list archives
Re: SSH on the router - was( IT security people sleep well)
From: Michael.Dillon () radianz com
Date: Tue, 8 Jun 2004 12:38:29 +0100
Consider the case of a staff member lounging in the backyard on a lazy Saturday afternoon with their iBook. They have an 802.11 wireless LAN at home so they telnet to their Linux box in the kitchen and run SSH to the router. Ooops!I see. SSH doesn't solve all problems, and therefore must be worthless.
No. SSH doesn't solve all problems because it is only a protocol. The human element is the most important one to consider in network security.
Now let's look at kerberized telnet. Someone logs in via kerberized telnet over an insecure network, then decides to change his/her password. Oops.
Exactly! Technology is worthless if it is not used properly. Network engineers are technology experts not security experts. They often need training to raise their awareness of security issues. Remember the study a while back that found that the largest single factor that caused network failures was human error?
The only way to protect against that sort of situation is to encourage everyone to be security-minded and not take risks where the network is concerned.Definitely. Alas, I'm seeing more "it won't happen to me" than in the past. It's almost as if the "logic" is "I hear more about this, but haven't noticed anything awful, and therefore must be invincible."
The question in that case is: "Do you know, in enough detail, what is going on in your network that you can confidently say that nothing awful is happening?". --Michael Dillon
Current thread:
- Re: IT security people sleep well, (continued)
- Re: IT security people sleep well Mike Lewinski (Jun 05)
- Re: IT security people sleep well Paul Jakma (Jun 05)
- Re: IT security people sleep well Henning Brauer (Jun 06)
- Re: IT security people sleep well Paul Jakma (Jun 06)
- SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Rubens Kuhl Jr. (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henry Linneweh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henning Brauer (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Edward B. Dreger (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Alexei Roudnev (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Valdis . Kletnieks (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: IT security people sleep well Daniel Senie (Jun 06)
- Re: IT security people sleep well Priscilla Oppenheimer (Jun 07)
- Re: IT security people sleep well Stephen Sprunk (Jun 07)