Hi,
On Fri, 16 Jul 2004, 10:45am -0700, [log in to unmask] wrote:
> If one is writing a textbook, it would be good to *avoid* using telnet
> or rsh in examples of remote connectivity. ...
...
> SSH is reasonably ubiquitous. ...
However, not completely so. The main problem with this is that
someone can be tempted to telnet or rsh from his location
to an intermediate location where ssh is running, and from there
to ssh into the destination host. There is no way (AFAIK) that
the destination host can detect this condition and refuse the
login. Thus, ssh security depends on users obeying a policy --
which is always dangerous, and which gets worse with increasing
numbers and decreasing sophistication of users.
An inconsiderable scenario? Not. Several years ago, one of
our developers logged in the above way, not being fully aware
of the consequence. His password was sniffed, we were hacked
and were offline for a week.
Admittedly, ssh is more ubiquitous now, so the temptation
should be less.
Alternatives? SecureID or something similar -- and/or "security
in depth", not just at the firewall.
-P.
--
**************** "The web is a scary place." - J. Gunn ****************
Peter S. Shenkin Schrodinger, Inc.
VP, Software Development 120 W. 45th St., 32nd Floor
646 366 9555 x111 Tel New York, NY 10036
646 366 9550 FAX USERID: shenkin
http://www.schrodinger.com DOMAIN: schrodinger DOT com
Pre-arranged conf. calls: 702-759-8420 or 888-867-7084; passcode 646-366