IT security people sleep well
Mike Lewinski
mike at rockynet.com
Thu Jun 3 19:32:45 UTC 2004
Crist Clark wrote:
> Anyone from the real world knows that there are real and significant
> costs to convert an existing infrucstructure with telnet, the
> r-protocols, ftp, and all of their unencrypted, unauthenticated friends
> to SSH and SSL secured connections. Yeah, maybe the software licencing
> costs are little to nothing, but the administrative overehead of
> converting all of your other scripts and software, plus lots and LOTS
> of retraining of admin and users can be very expensive or simply
> infeasible.
NTM all that legacy hardware for which the vendor simply never released
an SSH-capable version. And lots of deployed CPE which lacks sufficient
flash space to load an SSH-capable version where one was released.
I can think of a hundred cases where there's a definite measurable
hardware upgrade cost associated with enabling SSH and the like.
Internally, our policy is to establish telnet connections from the
closest upstream point possible, in most cases, the other side of a
serial interface where our biggest possible cleartext exposure is
gremlins at the CO.
More information about the NANOG
mailing list