nanog mailing list archives
Re: SSH on the router - was( IT security people sleep well)
From: "Edward B. Dreger" <eddy+public+spam () noc everquick net>
Date: Mon, 7 Jun 2004 18:07:19 +0000 (GMT)
Date: Mon, 7 Jun 2004 11:39:57 +0100 From: Michael.Dillon@rad...
Consider the case of a staff member lounging in the backyard on a lazy Saturday afternoon with their iBook. They have an 802.11 wireless LAN at home so they telnet to their Linux box in the kitchen and run SSH to the router. Ooops!
I see. SSH doesn't solve all problems, and therefore must be worthless. Now let's look at kerberized telnet. Someone logs in via kerberized telnet over an insecure network, then decides to change his/her password. Oops. Someone could screw up OTP SSH+KRB5 logins over IPSec if using a compromised box with a keylogger installed. Does that mean each of these technologies is worthless?
The only way to protect against that sort of situation is to encourage everyone to be security-minded and not take risks where the network is concerned.
Definitely. Alas, I'm seeing more "it won't happen to me" than in the past. It's almost as if the "logic" is "I hear more about this, but haven't noticed anything awful, and therefore must be invincible." Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist () brics com -or- alfra () intc net -or- curbjmp () intc net Sending mail to spambait addresses is a great way to get blocked.
Current thread:
- Re: IT security people sleep well, (continued)
- Re: IT security people sleep well Paul Jakma (Jun 05)
- Re: IT security people sleep well Mike Lewinski (Jun 05)
- Re: IT security people sleep well Paul Jakma (Jun 05)
- Re: IT security people sleep well Henning Brauer (Jun 06)
- Re: IT security people sleep well Paul Jakma (Jun 06)
- SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Rubens Kuhl Jr. (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henry Linneweh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Henning Brauer (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Edward B. Dreger (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Michael . Dillon (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Alexei Roudnev (Jun 08)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Valdis . Kletnieks (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Alex Bligh (Jun 07)
- Re: SSH on the router - was( IT security people sleep well) Randy Bush (Jun 07)
- Re: IT security people sleep well Daniel Senie (Jun 06)
- Re: IT security people sleep well Priscilla Oppenheimer (Jun 07)