North American Network Operators Group
Re: IT security people sleep well
Crist Clark wrote:
NTM all that legacy hardware for which the vendor simply never released an SSH-capable version. And lots of deployed CPE which lacks sufficient flash space to load an SSH-capable version where one was released.

Anyone from the real world knows that there are real and significant costs to convert an existing infrastructure with telnet, the r-protocols, ftp, and all of their unencrypted, unauthenticated friends to SSH and SSL secured connections. Yeah, maybe the software licensing costs are little to nothing, but the administrative overhead of converting all of your other scripts and software, plus lots and LOTS of retraining of admin and users can be very expensive or simply infeasible.
I can think of a hundred cases where there's a definite measurable hardware upgrade cost associated with enabling SSH and the like.
Internally, our policy is to establish telnet connections from the closest upstream point possible, in most cases, the other side of a serial interface where our biggest possible cleartext exposure is gremlins at the CO.