RE: Silly crackers... NT is for kids...

From: Nate Williams (nate@yogotech.com)
Date: 08/17/01


From: Nate Williams <nate@yogotech.com>
Date: Fri, 17 Aug 2001 15:11:46 -0600
To: Matt Piechota <piechota@argolis.org>


> > Even for authentication?
> >
> > I can understand using a telnet client to manually test SMTP servers or
> > other protocols, but I cannot understand why you *need* telnet.
> > Mind you I am against using pop3 as well, unless it's encrypted.
>
> Example 1:
> You're on an internal heavily firewalled corporate LAN, where none of your
> information is hidden between employees. So you don't care, and you don't
> have to worry about installing ssh on every PC's desktop, and teaching
> cluon-deprived people to use it.

Agreed, but given the recent telnetd exploit, I'm not sure you want it
on by default. Even in our heavily-firewalled environment, we don't
want *ALL* of the users to have root access on our FreeBSD boxes. :)

Having the users enable it by default makes them more aware of what's
going on. (Although, one could argue that all the folks who are still
infected with CodeRed initially enabled it, and have done nothing
since...)

> Example 2: You're running realtime applications, or applications that
> need all available processing power for performance reasons. The
> extra overhead of encrypting and decrypting the ssh traffic may drop
> your performance.

Then don't telnet into the box. If you need to monitor a box over an
insecure network, then encryption/decryption is a necessity, IMHO.

> Let's not forget that until the recently done work of the OpenSSH team,
> you couldn't use SSH in a commercial environment without paying for it.
> And besides, sniffing passwords isn't that terribly easy if you're using
> switched Ethernet anyways.

Actually, it is. See the archives of how easy it is to blow the switch
out of the water. :)

Nate
