Sean Donelan wrote:
Survey: Despite dangers, IT personnel sleep well By Bill Brenner, News Writer 27 May 2004 | SearchSecurity.com
I liked this quote,

  About 43% of respondents said they're using the Secure Shell (SSH) protocol to protect data, secure remote access, and perform network management. But while the current SSH2 is considered to be significantly more secure, nearly 45% said they are continuing to mostly use the older SSH1 protocol. A cause for greater concern, according to the surveyors, is that 54.9% said they continue to configure their network devices via Telnet, which is known by network security experts to be severely vulnerable to intruders because it sends data as clear text and offers only weak password authentication. For Marc Orchant, head of communications at VanDyke, that was one of the biggest shockers, especially since it costs little or nothing to upgrade these protocols.

It "costs little or nothing to upgrade?" Does it seem a bit disingenuous for a remark like that to come from someone at a company that sells a commercial SSH distribution? Anyone from the real world knows that there are real and significant costs to convert an existing infrastructure with telnet, the r-protocols, ftp, and all of their unencrypted, unauthenticated friends to SSH and SSL secured connections. Yeah, maybe the software licensing costs are little to nothing, but the administrative overhead of converting all of your other scripts and software, plus lots and LOTS of retraining of admin and users can be very expensive or simply infeasible.

And just one more quote,

  "I guess the message here is that ignorance is bliss," said Steve Birnkrant, chief executive officer of Amplitude Research Inc., which conducted the survey on behalf of Albuquerque, N.M.-based VanDyke Software Inc. "What most surprised me was the general sense of complacency. Much has been written in the media about security issues, and this makes me wonder if people are listening."

Why aren't people listening? I think Mr. Birnkrant needs to go way back to old childhood fables and have a refresher on the boy who cried, "Wolf!"
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387