Mailinglist Archive: opensuse-edu (146 mails)

Re: [suse-linux-uk-schools] Re: Fw:
  • From: Nick Drage <nick-drage@xxxxxx>
  • Date: Fri, 28 Jul 2000 01:05:45 +0000 (UTC)
  • Message-id: <Pine.LNX.4.21.0007280041210.213-100000@xxxxxxxxxxxxxxxxxxx>
Hi,

Keeping this thread going as I'm hoping it proves vaguely useful, hoping
Simon stays on the list even though he's indirectly taking some flak, and
presuming Roger will stomp on us if we drift too far away from the SuSE
schools subject matter....

On Thu, 27 Jul 2000, Frank Shute wrote:
> On Thu, Jul 27, 2000 at 05:01:55PM +0100, Simon Rainey wrote:

<snip policy and politics>

> > >< useful cracking info snipped >
> >
> > Any half-decent hacker would have no problem whatsoever in discovering what
> > O/S and software is used on any given system. Giving out such information
> > is not considered a significant risk.
>
> Help them as little as possible is my motto.

Agreed, though presumably the membership of this list is vaguely audited?
Of course having a sysadm@xxxxxxxxxxxxx address doesn't make you
trustworthy, but it makes you a little more trustworthy than
evilhax0r@xxxxxxxxxxx :)

> > The users in question do not wish to use SSH. We could insist on it, but
> > there has to be a balance between security and useability. We are happy
> > that the server is sufficiently secure. There is an obvious risk in sending
> > plain text passwords across the Internet, but this applies just as much to
> > FTP as to telnet.
>
> You should insist on it. It doesn't apply `just as much' to FTP -
> cracking a box with telnet is a walk in the park in comparison and
> if you install ssh you can dump FTP as well.

Yeah, though it's not *quite* as simple admittedly. Vague experience of
SSH windows clients available on request.

> I don't understand the `useability' issue with ssh that you talk
> about. To an end user they simply login as they would using telnet,
> it's a bit slower than telnet because of the encryption overhead but
> it means that your passwords can't be sniffed.

Also, with the right options, you can take emphasis on the authenticity of
the source away from the source IP and give it to the host keys held by
whatever source IP connects.

> > On the security issue, we recently commissioned an extensive independent
> > audit and were assessed to be "significantly more secure than the majority
> > of ISPs".
>
> Go back to the people who carried out your security audit and ask
> for your money back!

Heh, while being "less insecure" than your digital neighbours isn't the
greatest guarantee it does mean you're less likely to be attacked, however
I think that comment is probably more of a comment on the ISPs than
yourselves.

--
Nick Drage, helping fill up the internet since 1993.

Third Rule of Windows Troubleshooting:
RE-INSTALL EVERYTHING.... TWICE


