[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] re: Telnet security

Subject: Re: [cobalt-security] re: Telnet security
From: Jan P Tietze <jptietze@xxxxxxxxxxx>
Date: Wed, 25 Apr 2001 21:27:21 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Mark Anderson wrote:

> >SSH1 logins can also be sniffed and cracked in a switched environment, use
> SSH2 on a non-standard listening port
> Monkey in the middle code means no protocol is safe regardless of the
> encryption.

I disagree. Crypted protocols can be *really* safe, like SSH2. Public Key
Cryptography is based on the assumption that we are communicating over unsafe
channels...

Using a non-standard listening port has the advantage of not falling in
standard traps aimed for random victims, assuming they are using standard
ports. It does not stop a determined attacker. However, random script-kiddie
type of attacks are probably the main (read: near 100%) worry to most
subscribers of this list.

Jan

References:
- Re: [cobalt-security] re: Telnet security
  - From: Mark Anderson

Prev by Date: RE: [cobalt-security] re: Telnet security
Next by Date: RE: [cobalt-security] re: Telnet security
Previous by thread: Re: [cobalt-security] re: Telnet security
Next by thread: RE: [cobalt-security] re: Telnet security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index