On Thu, 6 Jul 2000, Jeffry Smith wrote:
> Convert to ssh and shut down telnet. As long as you have telnet open,
> you're vulnerable.
Hmmm. AFAIK, simply having telnet open isn't insecure. It is using telnet
-- specifically, logging in with your password in the clear -- that makes you
vulnerable to sniffed passwords. SSH will help prevent that.
However, simple SSH session encryption won't protect against
man-in-the-middle attacks, and it is still vulnerable to brute force attacks
and weak passwords.
Only SSH with mutual public/private key authentication is truly secure
against all known attacks.
Hmmm. The random sig quote is appropriate.
--
Ben Scott <[EMAIL PROTECTED]>
| "...it is important to realize that any lock can be picked with a big |
| enough hammer...." -- Sun System & Network Admin manual |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
