leblanc
asked on
ssh versus telnet validation
I am trying to validate that ssh should be used to access network equipment, Cisco or other brand, instead of telnet. Are there any credible sources out there that say that, for best practice, one must use ssh instead of telnet? Thanks
ASKER
I am trying to convince my manager to convert from telnet to SSH. That is why I need credible sources that can back me up, like Cisco, HP, Juniper, etc. My manager said that there is no risk of somebody compromising the network equipment even though the password is in plain text.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ask him what he would tell his superiors when the system gets hacked through his/her stubbornness to change security protocol to heighten the security within the organization.
Every half decent IT person should know not to use TELNET because of security flaws.
Here is a link explaining the difference between ssh and telnet.
http://www.differencebetween.net/technology/internet/difference-between-telnet-and-ssh/
ASKER
Hi Ken,
"I have seen things like this happen several times over the past decade." Any articles on this?
All,
His argument is our internal network (physical) is "secured" as the doors of the closets and server rooms are locked. We talked about the sniffing part. But in order for that to work, you have to physically access the switches and run SPAN or mirror port. Not sure how the sniffing will work if you come in through the FW.
leblanc - no articles on this. These are things I have witnessed that have happened among my customer set, where internal attacks were made by employees or outgoing employees that have caused a lot of damage to their former employer. Where there is a will there is a way. There is not a network out there that is 100% foolproof. We do what we can to mitigate the risks we see.
Look here is the bottom line. How hard is it really to freaking use ssh? I mean for real. There is a command line version of putty that can be installed:
http://kb.site5.com/shell-access-ssh/putty-how-to-start-a-ssh-session-from-the-command-line/
But gee whiz you can set up all your stuff in putty and just click on the links to access the devices.
If you want to buy something then get SecureCRT but really how much harder is it really to issue ssh than telnet?
Your boss is either lazy or is afraid of it because he doesn't understand it.
ASKER
I could not agree more. I think I will make the case and I will enable ssh on the switches. Thank you all.
ASKER
Dave,
That's a good one.
I'm not sure that you'll find anything definitive that says you must use ssh, but there are recommendations on the Internet. Here's one (http://www.dummies.com/how-to/content/cisco-networking-telnet-and-ssh-connections.html) from the For Dummies website, for example.
/T
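For the step the asker settles on above (enabling ssh on the switches), here is a check that a saved Cisco IOS configuration no longer permits telnet on any vty line. It is an added example, not code from the thread; the sample configuration and the function name `audit_vty_transport` are constructed for illustration.

```python
import re

# Constructed sample of a Cisco IOS running-config (not from the thread).
SAMPLE_CONFIG = """\
line con 0
 login local
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 login local
!
"""

def audit_vty_transport(config_text):
    """Return {vty_range: verdict} for every 'line vty' block in the config."""
    findings = {}
    current = None  # vty block being read, or None outside one
    for raw in config_text.splitlines():
        header = re.match(r"^line\s+vty\s+(\d+)(?:\s+(\d+))?\s*$", raw)
        if header:
            current = "vty " + " ".join(g for g in header.groups() if g)
            # No explicit setting yet: the platform default applies, and it
            # depends on platform and release, so flag the block for review.
            findings[current] = "review: no explicit transport input"
            continue
        if not raw.startswith(" "):
            current = None  # any unindented line closes the block
            continue
        if current is None:
            continue
        setting = re.match(r"^\s+transport\s+input\s+(.+?)\s*$", raw)
        if setting:
            protocols = set(setting.group(1).lower().split())
            if protocols & {"telnet", "all"}:
                findings[current] = "fail: telnet permitted"
            elif protocols == {"ssh"}:
                findings[current] = "ok: ssh only"
            elif protocols == {"none"}:
                findings[current] = "ok: remote login disabled"
            else:
                findings[current] = "review: " + " ".join(sorted(protocols))
    return findings

if __name__ == "__main__":
    for line, verdict in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{line}: {verdict}")
```

Run it against each device's saved configuration after the change; any `fail` or `review` line needs an explicit `transport input ssh`.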