Many thanks to those that answered and all excellent answers that I will use in my argument to the customer. A few interesting points came up also. Ettercap and dsniff were mentioned and duly noted as I have used them before and should have left out the part about sniffing a switched network in my question. Another point was raised that the access needed to sniff should be removed first and foremost (Brad Arlt I think). Most definantely and it has as much as possible. Physical security to the building and any access points is quite strong. No external access connections are part of this segment of the network so external attacks getting in is a low possiblity (but yes possible I suppose so can't be ruled out) I want to go SSH and have the encryption but the work involved is hard to justify to the customer (because the work is their side, as in rewrite the scripts). The argument that Ettercap claims to break SSH must also be throw into the mix here too. I could use stunnel if I just wanted encryption????
Here is another spanner in the works and I hope I am corrected on this because I want to be wrong here. We would be using SSH and SCP. SCP for automated scripts. To get scripts automated my understanding is that the best security in this scenerio is use RSA authentication only. Thus no password request when I do 'scp host:file filedst'. But then does that mean that my SSH client will not be prompted for a password. In that case accountability is at the machine level. If I am wrong please inform me gently as I have only started looking at this in ernest. Yes I can go rhosts authentication but that defeats the purpose to a large degree as rhost files is what we want to get them away from. I am currently installing a SCO machine, Solaris machine and NT machine to set all this up and emulate the site as much as possible. I will post the final result in time. Thanks again for the feedback. Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 ****************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or [EMAIL PROTECTED] ******************************************************************************
