IT security people sleep well
Crist Clark
crist.clark at globalstar.com
Thu Jun 3 18:24:53 UTC 2004
Sean Donelan wrote:
> Survey: Despite dangers, IT personnel sleep well
> By Bill Brenner, News Writer
> 27 May 2004 | SearchSecurity.com
I liked this quote,

  About 43% of respondents said they're using the Secure Shell (SSH)
  protocol to protect data, secure remote access, and perform network
  management. But while the current SSH2 is considered to be
  significantly more secure, nearly 45% said they are continuing to
  mostly use the older SSH1 protocol. A cause for greater concern,
  according to the surveyors, is that 54.9% said they continue to
  configure their network devices via Telnet, which is known by
  network security experts to be severely vulnerable to intruders
  because it sends data as clear text and offers only weak password
  authentication.

  For Marc Orchant, head of communications at VanDyke, that was one
  of the biggest shockers, especially since it costs little or nothing
  to upgrade these protocols.

It "costs little or nothing to upgrade?" Does it seem a bit
disingenuous for a remark like that to come from someone at a company
that sells a commercial SSH distribution?
Anyone from the real world knows that there are real and significant
costs to convert an existing infrastructure with telnet, the
r-protocols, ftp, and all of their unencrypted, unauthenticated friends
to SSH and SSL secured connections. Yeah, maybe the software licensing
costs are little to nothing, but the administrative overhead of
converting all of your other scripts and software, plus lots and LOTS
of retraining of admin and users can be very expensive or simply
infeasible.
And just one more quote,

  "I guess the message here is that ignorance is bliss," said Steve
  Birnkrant, chief executive officer of Amplitude Research Inc.,
  which conducted the survey on behalf of Albuquerque, N.M.-based
  VanDyke Software Inc. "What most surprised me was the general
  sense of complacency. Much has been written in the media about
  security issues, and this makes me wonder if people are listening."

Why aren't people listening? I think Mr. Birnkrant needs to go way
back to old childhood fables and have a refresher on the boy who
cried, "Wolf!"
--
Crist J. Clark crist.clark at globalstar.com
Globalstar Communications (408) 933-4387