Date: Mon, 7 Jun 2004 11:39:57 +0100 From: Michael.Dillon@rad...
Consider the case of a staff member lounging in the backyard on a lazy Saturday afternoon with their iBook. They have an 802.11 wireless LAN at home so they telnet to their Linux box in the kitchen and run SSH to the router. Ooops!
I see. SSH doesn't solve all problems, and therefore must be worthless. Now let's look at kerberized telnet. Someone logs in via kerberized telnet over an insecure network, then decides to change his/her password. Oops. Someone could screw up OTP SSH+KRB5 logins over IPSec if using a compromised box with a keylogger installed. Does that mean each of these technologies is worthless?
The only way to protect against that sort of situation is to encourage everyone to be security-minded and not take risks where the network is concerned.
Definitely. Alas, I'm seeing more "it won't happen to me" than in the past. It's almost as if the "logic" is "I hear more about this, but haven't noticed anything awful, and therefore must be invincible." Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.