
Thus spake "Henning Brauer" <hb-nanog@bsws.de>
* Robert Boyle <robert@tellurian.com> [2004-06-07 14:08]:
I really truly don't see the problem with plaintext telnet management of routers.
It is exactly this belief in the security of your networks that gets this industry in such deep shit.
Mostly agreed.
You lose nothing with using ssh instead of telnet. You win a lot.
You lose money and time because you have to license more expensive code, upgrade RAM and flash to handle larger images, have to train your staff how to use SSH, have to test and roll out changes enabling SSH and disabling telnet, have to deal with sub-300-baud interactive performance on older router models, etc.

In spite of all that, I do encourage using SSH whenever possible, but believing there is no cost associated with doing so is foolhardy. Depending on the perceived level of threat, one might consider other security projects to be a higher priority. We all have to deal with limited funding and staffing for projects, even for critical functions like security.

S

Stephen Sprunk
CCIE #3723
K5SSS

"Stupid people surround themselves with smart people. Smart people surround themselves with smart people who disagree with them." --Aaron Sorkin