Re: Telnet Security Question for a Router.
From: Charley Hamilton (chamilto@uci.edu)
Date: 12/11/02
- Previous message: Anthony, Shayla: "RE: File Monitoring Program"
- In reply to: Tony Toni: "Telnet Security Question for a Router."
- Next in thread: Tim Donahue: "RE: Telnet Security Question for a Router."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 11 Dec 2002 13:27:55 -0800 From: Charley Hamilton <chamilto@uci.edu> To: SECURITY-BASICS@securityfocus.com
> The Network Services Group is adamant that neither SSH or
> CISCO TACACS+ will work on a router to correct the security
> issue.
*blink blink*
As a relative newbie/ignorant, I am distressed to hear that
ssh doesn't "correct the security issues" with regard to
clear-text username/password travel. Doesn't ssh send *all*
traffic (from login to logoff inclusive) encrypted? Granted,
no encryption is perfect, but take a large key and it'll take
a while to decrypt, no? If you don't want to have passwords
traveling at all, use keypairs with passphrases, with
the keys stored on encrypted removable media. (That's my
strategy for my ssh/sftp servers.)
Is there something specific to routers that makes this solution
inappropriate? Alternatively, is there some other problem with
the routers that makes ssh and incomplete solution?
Inquiring (newbie) minds want to know!
Charley
--
Charles Hamilton, PhD EIT Faculty Fellow
Department of Civil and Phone: 949.824.3752
Environmental Engineering FAX: 949.824.2117
University of California, Irvine Email: chamilto@uci.edu
- Next message: Sarbjit Singh Gill: "RE: NetScreen XP and NetMeeting"
- Previous message: Anthony, Shayla: "RE: File Monitoring Program"
- In reply to: Tony Toni: "Telnet Security Question for a Router."
- Next in thread: Tim Donahue: "RE: Telnet Security Question for a Router."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
