IT security people sleep well
Daniel Senie
dts at senie.com
Mon Jun 7 00:38:49 UTC 2004
At 12:50 AM 6/6/2004, Paul Jakma wrote:
>On Sat, 5 Jun 2004, Mike Lewinski wrote:
>
>>And that provides protection against MITM attacks how?
>
>kerberised telnet can be encrypted (typically DES - sufficient to guard MITM).
Am I the only one who really likes devices to handle their own login
authentication? I've had more than one occasion to need to get into and
manage a device when the link between the device any anything resembling an
authentication server is toast, and the reason I'm bothering to talk to the
device in the first place?
Yes, terminal servers can be an answer. But SSH can be a perfectly good
path in across whatever link(s) are still functional.
Even an inexpensive managed layer 2 switch I installed recently for a
client had decent ssh support (yes, it supported other methods of
authentication too, including the use of server-based authentication).
More information about the NANOG
mailing list