
Re: Putting together a server/network...



On 4 Nov 2001 02:19:54 -0000
"Dr. Evil" <drevil@sidereal.kz> wrote:

> > 	No, it is YOU who don't understand.  Security is based on knowledge and
> > understanding, period.  If Steve needs to know what makes telnet
> > unsecure in a certain environment, it is best to inform him so that he
> > then can figure out what ELSE is insecure in that environment. 
> 
> He seemed to have a pretty good handle on it.  He knew what a switched
> LAN is and why it is relevant to unencrypted protocols (ie, it may
> provide some protection against LAN sniffing).  That's why I answered
> the way I did.  If he had asked, "what's the diff between telnet and
> ssh" or some lower-level question I would have answered differently.

The question many of you answered, why ssh is better than telnet, is not the question that was being asked. I fully understand the benefits of ssh over telnet. 
The question really being asked was is telnet ALWAYS (keyword here) a bad thing with tcp wrappers and such available, and the answer seems to be no. I suppose I should have phrased that more clearly. It just seemed to me that to take advantage of the insecurities in telnet (lack of encryption) you had to have already compromised the network in some other way. I do have a poor tendency to assume anyone on the local segment is trustworthy, which is probably what generated the original question to begin with. 
To Dr. Evil, yes you do have to explain to the guy holding the IT checkbook why he should spring for ssh client licenses for his Windows boxes when a free telnet client (not that I would use it) is included. Please do notice I'm writing this from a FreeBSD box before anyone fires up the open source desktop flamethrower. I'm already with ya on that one, 5 of my 7 home machines are unix variants (no linux). 
Anyway, I don't want this to turn into another djbdns/OpenBSD flamefest, since I have procmail sending those directly to the bit bucket already. I've gotten all the answers I needed from both sides so let's kill this before it's too late.



+---------------------------------------------------------------------+
|Steve Wingate <stevew@velosystems.net>                  310.544.9920 |
|MCSE, CCNA, no JOB                      Sun Nov  4 00:17:00 PST 2001 |
+---------------------------------------------------------------------+
|FreeBSD 4.4-STABLE                                                   
|12:17AM  up 13:32, 4 users, load averages: 0.00, 0.00, 0.00  
+---------------------------------------------------------------------+