nanog mailing list archives

Re: SSH on the router - was( IT security people sleep well)


From: Michael.Dillon () radianz com
Date: Tue, 8 Jun 2004 12:38:29 +0100


Consider the case of a staff member lounging in the backyard on
a lazy Saturday afternoon with their iBook. They have an 802.11
wireless LAN at home so they telnet to their Linux box in the
kitchen and run SSH to the router. Ooops!

I see.  SSH doesn't solve all problems, and therefore must be
worthless.

No.
SSH doesn't solve all problems because it is only a protocol.
The human element is the most important one to consider in
network security.

Now let's look at kerberized telnet.  Someone logs in via
kerberized telnet over an insecure network, then decides to
change his/her password.  Oops.

Exactly!
Technology is worthless if it is not used properly. Network
engineers are technology experts, not security experts. They
often need training to raise their awareness of security issues.
Remember the study a while back that found that the largest
single factor that caused network failures was human error?

The only way to protect against that sort of situation is to
encourage everyone to be security-minded and not take risks
where the network is concerned.

Definitely.  Alas, I'm seeing more "it won't happen to me" than
in the past.  It's almost as if the "logic" is "I hear more about
this, but haven't noticed anything awful, and therefore must be
invincible."

The question in that case is: "Do you know, in enough detail, what
is going on in your network that you can confidently say that nothing
awful is happening?"

--Michael Dillon

