RE: Is SSH worth it??

From: Chris Reickenbacker (Chris.Reickenbacker@S1.com)
Date: 10/07/02


From: Chris Reickenbacker <Chris.Reickenbacker@S1.com>
To: 'Trevor Cushen' <Trevor.Cushen@sysnet.ie>
Date: Mon, 7 Oct 2002 14:34:32 -0400 

Sniffing the traffic is trivial, even on a switched network. ARP flood the
switch (any vendor's switch) and it will 'fail-open'...that means that it
will act like a hub and broadcast to all ports. Use ssh - and make sure it's
the most recent version of ssh. Don't think for a second that a switched
network brings with it any hint of security. Like I said, takes about 20
lines of C code to 'fail-open' your switch - once that happens, you can
sniff from any node on the segment.

Chris

-----Original Message-----
From: Trevor Cushen [mailto:Trevor.Cushen@sysnet.ie]
Sent: Monday, October 07, 2002 10:03 AM
To: security-basics@securityfocus.com
Subject: Is SSH worth it??

Hello all,

Quick opinion-based question. I have a switched internal network that
currently uses a lot of rcp with rsh authentication to move files
about. Platforms are unix and nt (ftp on the nt side).

More secure is ssh and scp for all platforms, but I have several scripts
that would all have to be re-written and a fair bit of setting up for
all the clients and servers involved throughout the organisation.

The question is this:

On an internal network that is switched (making sniffing harder) is it
worth going to SSH and SCP??????

I am aware how to set it all up but the thing is, is it worth it. Bear
in mind also that few people have passwords to the boxes and the only
real threat is sniffing the traffic.

All opinions welcome,
thanks

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
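
A defensive counterpart to the reply's point about flooding a switch, added here as an example that is not part of the original thread: it flags any switch port that presents far more distinct source MAC addresses within a short window than a real host would. The function names, the (timestamp, port, source MAC) input shape, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def flooded_ports(frames, window=1.0, max_new_macs=50):
    """Return {port: peak} for ports where the number of distinct source MACs
    seen within any `window` seconds exceeded `max_new_macs`.

    frames: iterable of (timestamp_seconds, port, src_mac), sorted by time.
    The input shape and both thresholds are hypothetical; tune them per network.
    """
    recent = defaultdict(deque)                      # port -> (ts, mac) still in window
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> hits in window
    peaks = {}
    for ts, port, mac in frames:
        q, c = recent[port], counts[port]
        q.append((ts, mac))
        c[mac] += 1
        # Expire observations that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        # A single host should show one (or a handful of) source MACs per port.
        if len(c) > max_new_macs:
            peaks[port] = max(peaks.get(port, 0), len(c))
    return peaks

def sample_frames():
    """Constructed sample: port 3 is one ordinary host; port 7 presents
    200 different source MACs in 0.2 seconds."""
    frames = []
    for i in range(20):
        frames.append((i * 0.05, 3, "00:11:22:33:44:55"))
    for i in range(200):
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        frames.append((0.5 + i * 0.001, 7, mac))
    return sorted(frames)

if __name__ == "__main__":
    for port, peak in flooded_ports(sample_frames()).items():
        print(f"port {port}: {peak} distinct source MACs within 1s")
```
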


