On Tue, 1 May 2001, Kyle Hargraves wrote:
>
>       ..mmm - well of course ssh is more secure than telnet but
>       in a secure network (i.e. non public) with a need for telnet
>       access to a host by PCs there is an argument for telnet.

I must take strong exception with this idea.

System security is best when it is security in depth. You should have
multiple layers of protection, and your security should not end at the
firewall.

Using ssh on an internal network has a number of substantial advantages:

o It makes it more difficult for an intruder who has penetrated your
exterior defenses to gain access to inner, supposedly more private,
resources.

o The majority of systems abuse is orchestrated by an "inside" person,
either maliciously or unwittingly. Allowing people to sniff out telnet
sessions on your local LAN is a risk, even if you trust your users.
Trojans and worms regularly work themselves into protected layers and
sniff.

o SSH is just plain more convenient than telnet. Once you get the hang of
SSH, X forwarding, port forwarding, RSA key authentication, and the
multitude of other features make it simply more convenient than telnet.


I have yet to see a real case made for using telnet over ssh. The closest
was when someone proposed to me that telnet was lower bandwidth and lower
latency than ssh. After we did a few tests with ssh compression, we found
it was far more efficient than telnet in regular use.

I guess I am a bit of an ssh fanatic, but I really haven't seen a case
where ssh wasn't better than or at least equal to telnet. I would
personally like to see telnet banned the way rsh/rhosts was banned by
conscientious SAs a decade ago.

thornton



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
