>sniffible, none of my passwords were. I happen to be one of the lucky
>few who has made it through the politics of large companies to "open
>up the firewall". Yes, corporate IT people see something even as
>secure as SSH as 'opening the firewall'.
>Clearly we need to teach the MIS/IT personnel about existing
>techniques.
In general, the problem is not that the MIS/IT personnel don't know
about or understand existing techniques, or think them insecure. That
would be easy to fix with a little education. The real problem with
SSH, IPSEC, encrypted Telnet and the like is that they're much too
*decentralized* for their taste. And that directly threatens their
power base.
The people who run today's MIS/IT departments are the direct
descendents of those who ran big computer centers in the old days.
They've watched as most of their reason for being has been eroded out
from under them by the personal computer. The network is the only
thing they have left. They justify their tight central control of it
with strident appeals to security fears, just as governments have for
centuries whipped up fears about crime to justify the creation of
police states.
Deploy good security mechanisms in host systems so they no longer
depend on (largely illusionary) security mechanisms in the network,
and you've taken away the very last reason these people have to go on
living. Expect a big fight.
Phil
