nanog mailing list archives
Re: ABOVE.NET SECURITY TRUTHS?
From: Austin Schutz <tex () off org>
Date: Sat, 29 Apr 2000 01:11:43 -0700
On Fri, Apr 28, 2000 at 09:06:16PM -0700, Bora Akyol wrote:
I don't think so. There is even a port of ssh to the Palm Pilot. In this day and age, I think that saying that encryption is expensive is a myth. Even if it were, I think the security that it buys you is well worth it. Also, most new(er) and high end routers out there should have more than enough processing power to handle ssh, no? I know ours does.
But this is really a minor part of the issue, IMO. You have to SSH in from somewhere... Are your NOC machines patched and secure? Does anyone log in to these machines from home or the NANOG terminal room? Are _all_ of those machines secure, not just _your_ machine(s)? Are you positive the people watching your network when you are at home sleeping haven't done anything dumb (e.g. run an exploitable irc client) from their own machines or the "trusted" NOC machines? Are you sure your personnel don't use the same password for TACACS that they use for their favorite MUD? I suspect it is more likely that the latest cracker weenie gained access to a unix box in a key location rather than gaining some sort of physical access to sniff passwords over the line. Austin
Current thread:
- Re: ABOVE.NET SECURITY TRUTHS?, (continued)
- Re: ABOVE.NET SECURITY TRUTHS? Steven M. Bellovin (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Paul Ferguson (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Kevin Oberman (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Joshua Goodall (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 29)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Paul Ferguson (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 29)
- RE: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Steven M. Bellovin (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Austin Schutz (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Michael Shields (Apr 29)