IT security people sleep well

Mike Lewinski mike at rockynet.com
Thu Jun 3 19:32:45 UTC 2004


Crist Clark wrote:


> Anyone from the real world knows that there are real and significant
> costs to convert an existing infrastructure with telnet, the
> r-protocols, ftp, and all of their unencrypted, unauthenticated friends
> to SSH and SSL secured connections. Yeah, maybe the software licensing
> costs are little to nothing, but the administrative overhead of
> converting all of your other scripts and software, plus lots and LOTS
> of retraining of admin and users can be very expensive or simply
> infeasible.

NTM all that legacy hardware for which the vendor simply never released 
an SSH-capable version. And lots of deployed CPE which lacks sufficient 
flash space to load an SSH-capable version where one was released.

I can think of a hundred cases where there's a definite measurable 
hardware upgrade cost associated with enabling SSH and the like.

Internally, our policy is to establish telnet connections from the 
closest upstream point possible, in most cases, the other side of a 
serial interface where our biggest possible cleartext exposure is 
gremlins at the CO.


