North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: IT security people sleep well
On Jun 6, 2004, at 5:38 PM, Daniel Senie wrote:
I'm with you. I've had lots of occasions where I'm accessing the router because of a problem that would also affect the router's ability to reach an authentication server.At 12:50 AM 6/6/2004, Paul Jakma wrote:Am I the only one who really likes devices to handle their own login authentication? I've had more than one occasion to need to get into and manage a device when the link between the device any anything resembling an authentication server is toast, and the reason I'm bothering to talk to the device in the first place?On Sat, 5 Jun 2004, Mike Lewinski wrote:kerberised telnet can be encrypted (typically DES - sufficient to guard MITM).And that provides protection against MITM attacks how?
It's egregious that SSH isn't standard in all IOS images, especially when you consider that choosing the right image is almost an NP-complete problem even with feature navigator! :-)
Of course, there are workarounds to no SSH, and SSH for routers is only one aspect of a multifaceted "security defense in depth" approach, but a rather important aspect...
__________________ Priscilla Oppenheimer www.topdownbook.com "Life's a gift, and then you die."