Curtis Villamizar writes:
It is possible though admitedly not easy to secure a Unix machine quite tightly (and still put some services on it allowing it to do some useful work) since the services needed for remote administrative access can be fully encrypted. It is not possible to secure a router from the major router vendors at the present time since administrative access involves telnet access where the open TCP session has full priviledges and remains "in the clear" for long periods of time and ready for hijack.
If (and only if) you're competent to secure a Unix box, this is pretty easy to deal with. Put one on a private wire with the router, connect to it in a secure encrypted fashion (kerb or ssh, these days?), and from there cleartext telnet to the router is fine. Of course, it costs money. But you can get away with one box and one private net for all the routers in one location, assuming all the routers are in the same security zone. /a