nanog mailing list archives

Re: IT security people sleep well


From: "Stephen Sprunk" <stephen () sprunk org>
Date: Mon, 7 Jun 2004 20:46:36 -0500


Thus spake "Henning Brauer" <hb-nanog () bsws de>
> * Robert Boyle <robert () tellurian com> [2004-06-07 14:08]:
> > I really truly don't see the problem with plaintext telnet
> > management of routers.
>
> It is exactly this belief in the security of your networks that gets
> this industry in so deep shit.

Mostly agreed.

> You lose nothing with using ssh instead of telnet.
> You win a lot.

You lose money and time because you have to license more expensive code,
upgrade RAM and flash to handle larger images, have to train your staff how
to use SSH, have to test and roll out changes enabling SSH and disabling
telnet, have to deal with sub-300-baud interactive performance on older
router models, etc.

In spite of all that, I do encourage using SSH whenever possible, but
believing there is no cost associated with doing so is foolhardy.  Depending
on the perceived level of threat, one might consider other security projects
to be a higher priority.  We all have to deal with limited funding and
staffing for projects, even for critical functions like security.

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin

