Re: Putting together a server/network...
On Fri, 2 Nov 2001, Steve Wingate wrote:
> Just out of curiosity, on a fully switched LAN why is telnet a bad thing?
Hey folks,
I am no expert, but I can think of a few reasons:
1) Security in layers - if someone penetrates your perimeter,
why should you give them plaintext on the LAN?
2) Who says your internal users are trusted? While it depends
on who you ask, 30% - 70% of all security incidents are
perpetrated from _inside_ your perimeter.
3) Curious techie-types on the LAN.
4) Depending on the network hardware you use, it's often
trivial to hop VLANs to snoop all traffic, even on a
"fully switched" LAN.
Several of my workplaces have been hard-as-nails
on the outside, but soft-n-squishy on the inside. If we
had ever had a breach of our perimeter, we would have been
toast.
IMHO, there is no reason for _any_ telnet access
on a UNIX or mixed Windows-UNIX network at all. SSH clients
are cheap or free for all of the above. We just need to
educate the (l)users.
Benny
ps: Don't start a flame war over this. It's not worth
it. I was simply answering his question.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You see, we're leveraging the synergies of our existing open source
solution, without reliance on a single vendor.
Or in English: We use samba cause NT sucks ass.
--greg@rage.net
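
An added example, not part of the original message: one way to act on the "no telnet at all" advice is to audit hosts for a telnet daemon that is still enabled. The sketch below assumes telnet is launched from inetd or xinetd; the sample configuration text is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed sample configs (not from the original post).
SAMPLE_INETD = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#telnet stream  tcp6 nowait  root  /usr/sbin/tcpd  in.telnetd
"""

SAMPLE_XINETD = """\
# /etc/xinetd.d/telnet (constructed sample)
service telnet
{
    disable     = no
    socket_type = stream
    server      = /usr/sbin/in.telnetd
}
"""

def inetd_telnet_lines(text):
    """Return (line_no, line) for every active telnet entry in inetd.conf text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments
        # inetd.conf fields: service socket-type proto wait user server [args]
        if len(fields) >= 6 and fields[0] == "telnet":
            hits.append((no, line.strip()))
    return hits

def xinetd_telnet_enabled(text):
    """True if a 'service telnet' stanza exists and is not set to disable = yes."""
    stripped = re.sub(r"#.*", "", text)  # drop comments line by line
    stanza = re.search(r"^\s*service\s+telnet\s*\{(.*?)\}", stripped, re.S | re.M)
    if not stanza:
        return False
    disable = re.search(r"^\s*disable\s*=\s*(\S+)", stanza.group(1), re.M)
    # xinetd treats a stanza without 'disable = yes' as enabled.
    return not (disable and disable.group(1).lower() == "yes")

if __name__ == "__main__":
    for no, line in inetd_telnet_lines(SAMPLE_INETD):
        print(f"inetd.conf line {no}: telnet enabled -> {line}")
    if xinetd_telnet_enabled(SAMPLE_XINETD):
        print("xinetd: telnet stanza is enabled")
```

To audit a real host, pass the contents of its own inetd or xinetd configuration files to the two functions instead of the samples.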