IT security people sleep well
Eric Kuhnke
eric at fnordsystems.com
Thu Jun 3 20:16:44 UTC 2004
> I liked this quote,
>
> About 43% of respondents said they're using the Secure Shell (SSH)
> protocol to protect data, secure remote access, and perform network
> management. But while the current SSH2 is considered to be
> significantly more secure, nearly 45% said they are continuing to
> mostly use the older SSH1 protocol. A cause for greater concern,
> according to the surveyors, is that 54.9% said they continue to
> configure their network devices via Telnet, which is known by
> network security experts to be severely vulnerable to intruders
> because it sends data as clear text and offers only weak password
> authentication.
The part about Telnet is truly scary... Among people who have "clue",
the biggest reason I have heard to continue running ssh1 is for
emergency access via hand-held smartphones or other pocket sized
devices. The Handspring Treo 180 and similar keyboarded cellphone-pda
devices don't have the CPU power necessary for a SSH2 key exchange,
unless I'm drastically mistaken about the FPU abilities of a 33 MHz
Motorola Dragonball...
More information about the NANOG
mailing list