On Sun, 21 Sep 2003, Rafael 'Dido' Sevilla wrote:

> On Sun, Sep 21, 2003 at 10:02:17AM +0800, william villanueva wrote:
> > Should one worry much about this if it's an internal network? I was in
>
> Yes. As many other people have mentioned throughout this thread, a
> distressingly large number of compromises are made by insiders. Not
> only that, get used to doing things one way on what you think is a safe
> network, you might find yourself carrying over your dangerous habits
> into a not-quite-so-safe environment later on.
>
> I stand by my contention that the only good Telnet or FTP are Kerberized
> versions of the same.
>
> > St. Luke's late last night and I was checking out their online billing
> > system. Seems that it has quit its program and was toying with it.
> > They are using Reflection to connect to their main server via telnet.
> >
> > I think MWSS is also using Reflection to connect to their server to
> > access the accounts.
>
> These are not the only places. Our company has some clients (whom I
> will not name) who flat insisted, even in the face of our vigorous
> protests to the contrary, to allow telnet, FTP, RSH, and all these other
> old, dangerous protocols on the new RHAS2.1 boxes we installed for them.
> The boss tells me, hey, it's their funeral. A script kiddie that
> somehow gets into their network will have a field day, or more
> plausibly, they've made an internal saboteur's job that much easier.
>
Usually in these situations, my line would be:

"Ok, I'll install the telnet service, no problem. But that's going against my specific advice not to. And, I'd also like the managers to sign off on it. And also, by the way, if the server gets compromised, my professional fee for fixing it will be very expensive."

Usually, when the issue boils down to cost, most clients will relent. Pity it had to come to this \8(

--
Philippine Linux Users' Group (PLUG) Mailing List
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
