On Mon, 07 Jun 2004 20:46:36 CDT, Stephen Sprunk said:
In spite of all that, I do encourage using SSH whenever possible, but believing there is no cost associated with doing so is foolhardy. Depending on the perceived level of threat, one might consider other security projects to be a higher priority. We all have to deal with limited funding and staffing for projects, even for critical functions like security.
Amen to that. It's the rare shop indeed that internal security projects are high priority - are there *any* shops where "track down user XYZ and smack them upside the head *again*" isn't the most pressing issue, with "Find a way to muzzle XYZ so they can't click on it *again*" is number 2? (I suspect the two categories of shops are "Yes, *again*", and "Usage of live ammo is a realistic option"... ;)