On 03/26/2016 11:32 PM, James Knott wrote:
> On 03/26/2016 09:58 PM, David Thornton wrote:
>> "As for security, I do a fair bit of work with Cisco gear and am a CCNA.
>> Telnet is very often used to configure them, which is plain text."
>>
>> Oh god my eyes.
>>
> I don't recommend telnet, but many people do use it. However, it's not
> as risky as it used to be. Back in the days of coax or hub based
> Ethernet, anyone could see all the traffic on the network. This made it
> easy to intercept IDs and passwords. With switches, in order to do
> that, you'd need one of those taps I mentioned earlier or management
> access to the switch. Of course, telnet still shouldn't be used over
> the Internet. Also, while some gear supports ssh, there is still a lot
> that's telnet only.
>
Even with SSH, the first thing coming back from the switch is a set of
well-defined headers and prompts, so I would be willing to bet that SSH on
a switch is fairly crackable.

A lot of the lower-end switches use an HTTP web interface, which is no more
secure than telnet.

Sadly, switch configuration has not changed much in the last 20+ years.
It would be interesting to see cheap OpenFlow switches, but that technology
is still a few years away from permeating the SME market.

--
Alvin Starr       ||  voice: (905)513-7688
Netvel Inc.       ||  Cell: (416)806-0133
[email protected]  ||

---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
