Responses inline...

On Monday 07 October 2002 11:02 am, Trevor Cushen wrote:
> Hello all,

> Quick opinion based question.  I have a switched internal network that
> currently uses a lot of rcp with rsh authentication to move files
> about.  Platforms are unix and nt (ftp on the nt side)

In that case, this is just my opinion, not formal oracular advice. (Apologies
to The Hitchhiker's Guide to the Galaxy :)

> More secure is ssh and scp for all platforms, but I have several scripts
> that would all have to be re-written and a fair bit of setting up for
> all the clients and servers involved throughout the organisation.
> The question is this:
> On an internal network that is switched (making sniffing harder) is it
> worth going to SSH and SCP??????

I don't think that anyone here can provide a solid answer for you, or even 
form a good opinion.  Obviously, more security == better, but as you 
mentioned it will also consume valuable resources (time and the almighty 
insert_currency_here).

You obviously realize that just having a switched network isn't a cure-all 
against sniffing, so there always remains a chance that unencrypted traffic 
could be stolen in transit (as could passwords, etc).

Basically, the best answer we can provide is another question: "How much is 
your data worth to you and your company?"
You need to sit down and figure out how much it will cost to rewrite those 
scripts and deploy SSH everywhere vs. the amount of damage (whether 
financial, intellectual, or public image, or some other intangible) that 
could be done were the information stolen and subsequently leaked. 

> I am aware how to set it all up but the thing is, is it worth it.  Bear
> in mind also that few people have passwords to the boxes and the only
> real threat is sniffing the traffic.

Au contraire, I would think.  Do you have IDS (both network and host-based) 
set up everywhere?  Do you monitor logs for strange activity?  Is everything 
set up using principles of least-privilege? Just because one does not have 
the password to a machine does not mean that one cannot gain access -- for 
example, a vulnerability in the FTP server (for those WinNT boxen) could lead 
to someone having access to ALL of those important files without ever knowing 
a password.

If sniffing is the only attack vector that you're considering, you may want 
to rethink your security procedures in general before worrying about anything 
specific like SSH.

> All opinions welcome,
> thanks
>
> Trevor Cushen
> Sysnet Ltd
>
> www.sysnet.ie
> Tel: +353 1 2983000
> Fax: +353 1 2960499


Peter Kristolaitis
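Sizing the rewrite Trevor describes, as an added example that is not from either poster: a POSIX shell audit that counts rsh/rcp/ftp invocations in a script tree and flags wildcard "+" entries in .rhosts-style trust files (the passwordless rsh trust that a scp/ssh migration would retire). It runs against a constructed sample tree; every path and file body below is made up for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread. Inventories legacy rsh/rcp/ftp
# calls in a script tree and counts wildcard trust lines in an .rhosts-style
# file, so the cost of the rewrite and the size of the trust exposure can be
# estimated before deciding on the ssh/scp migration.

# Print "file:count" for every *.sh under $1 that invokes rsh, rcp or ftp.
inventory_legacy_calls() {
    dir=$1
    find "$dir" -type f -name '*.sh' | while read -r f; do
        # grep -c exits 1 on zero matches; keep the "0" and carry on.
        n=$(grep -cE '(^|[^A-Za-z0-9_])(rsh|rcp|ftp)([^A-Za-z0-9_]|$)' "$f" || true)
        if [ "$n" -gt 0 ]; then
            echo "$f:$n"
        fi
    done
}

# Total number of legacy invocations under $1: a crude size of the rewrite job.
total_legacy_calls() {
    inventory_legacy_calls "$1" | awk -F: '{ s += $NF } END { print s + 0 }'
}

# Count lines in trust file $1 that grant rsh access with a "+" wildcard
# (any host, any user, or both); each one is passwordless trust to fix.
count_wildcard_trust() {
    grep -cE '(^|[[:space:]])\+([[:space:]]|$)' "$1" || true
}

# Build a constructed sample tree so the example runs offline; prints its root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/scripts"
    cat > "$root/scripts/nightly.sh" <<'EOF'
#!/bin/sh
rcp /data/export.dat backup:/archive/
rsh backup /usr/local/bin/rotate
EOF
    cat > "$root/scripts/report.sh" <<'EOF'
#!/bin/sh
ftp -n ntbox < /etc/ftp-batch
echo "done"
EOF
    printf '+ +\nbackup trevor\n+\n' > "$root/.rhosts"
    echo "$root"
}

root=$(make_sample_tree)
inventory_legacy_calls "$root/scripts"
echo "total legacy calls: $(total_legacy_calls "$root/scripts")"
echo "wildcard trust lines: $(count_wildcard_trust "$root/.rhosts")"
```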
