nanog mailing list archives
Re: IT security people sleep well
From: Crist Clark <crist.clark () globalstar com>
Date: Thu, 03 Jun 2004 11:24:53 -0700
Sean Donelan wrote:
> Survey: Despite dangers, IT personnel sleep well
> By Bill Brenner, News Writer
> 27 May 2004 | SearchSecurity.com

I liked this quote,

> About 43% of respondents said they're using the Secure Shell (SSH) protocol to protect data, secure remote access, and perform network management. But while the current SSH2 is considered to be significantly more secure, nearly 45% said they are continuing to mostly use the older SSH1 protocol. A cause for greater concern, according to the surveyors, is that 54.9% said they continue to configure their network devices via Telnet, which is known by network security experts to be severely vulnerable to intruders because it sends data as clear text and offers only weak password authentication.
>
> For Marc Orchant, head of communications at VanDyke, that was one of the biggest shockers, especially since it costs little or nothing to upgrade these protocols.

It "costs little or nothing to upgrade?" Does it seem a bit disingenuous for a remark like that to come from someone at a company that sells a commercial SSH distribution?

Anyone from the real world knows that there are real and significant costs to convert an existing infrastructure with telnet, the r-protocols, ftp, and all of their unencrypted, unauthenticated friends to SSH and SSL secured connections. Yeah, maybe the software licensing costs are little to nothing, but the administrative overhead of converting all of your other scripts and software, plus lots and LOTS of retraining of admin and users can be very expensive or simply infeasible.

And just one more quote,

> "I guess the message here is that ignorance is bliss," said Steve Birnkrant, chief executive officer of Amplitude Research Inc., which conducted the survey on behalf of Albuquerque, N.M.-based VanDyke Software Inc. "What most surprised me was the general sense of complacency. Much has been written in the media about security issues, and this makes me wonder if people are listening."

Why aren't people listening? I think Mr. Birnkrant needs to go way back to old childhood fables and have a refresher on the boy who cried, "Wolf!"

--
Crist J. Clark                     crist.clark () globalstar com
Globalstar Communications          (408) 933-4387