Thus spake "Sean Donelan" <sean@donelan.com>
Two issues tied as being of prime concern to those network administrators surveyed: 32% responded that they worry most about "the next virus/worm" and an equal percentage answered they worry most about "a security breach to the enterprise's network." The big surprise was that 34% of survey respondents said they had "no worries and sleep like a baby."
When I read that, I immediately thought of a quote by Colin Powell: "I sleep like a baby, too. Every two hours I wake up screaming!"

Too many people in this industry either ignore security completely or think that it's the sole province of the "security department". Some vendors have gotten their act together, even Microsoft, but they haven't made a dent in the mindset of their customers. Even among NANOGers, it's pretty obvious most networks don't even do the most rudimentary of source filtering, so how can we expect more advanced technologies to be adopted?

On the SSH/SSL front: IMHO these technologies give a false sense of security. Sniffing cleartext management sessions is a concern, yes, but actual incidents where it occurs, especially within your own network infrastructure, are vanishingly rare compared to the commonplace compromise of individual hosts. Creating a secure link between hosts is wasted effort at best if you can't trust the host at the other end of that link.

S

Stephen Sprunk    "Stupid people surround themselves with smart
CCIE #3723        people. Smart people surround themselves with
K5SSS             smart people who disagree with them." --Aaron Sorkin