-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The questions is this;
>
> On an internal network that is switched (making sniffing harder) is it
> worth going to SSH and SCP??????
You already seem to know the basic fact a lot of people get confused with...
sniffing switched networks is possible. :)
In my opinion (from reading lots you understand :] ) is that the r* commands
are very insecure. I believe usernames and passwords are clear text, and
therefore vulnerable to sniffing. Combine this with the fact that the people
on your "internal" network may not be limited to who you *think* is on your
network. I would go for the more secure option every time. I only have 2
machines and I ssh between them, even on a lowly dial-up. You never, ever
know who is really on your networks.
> I am aware how to set it all up but the thing is, is it worth it. Bare
> in mind also that few people have passwords to the boxes and the only
> real threat is sniffing the traffic.
Depends what your data is. If your data and/or network is important then you
should use every means possible to secure it. Even if the usernames and
passwords are for "humble users" it doesn't mean they are sacrificial.
I'll leave you with a thought I have been left with after some insightful
training - it sticks in the back of my mind like a beacon.
"local access = root access". If a malicious user gets local access through
any means they are HIGHLY likely to gain root/admin - It is simply a question
of time.
> All opinions welcome,
> thanks
You have mine :)
Mike
- --
By three methods we may learn wisdom:
First, by reflection, which is noblest;
Second, by imitation, which is easiest;
and third by experience, which is the bitterest.
--Confucius
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9ofuM8EqADYNpcNQRAquDAJ9NdFejL1JUhCK5If89huGoWb2z4QCfQGfY
Hw34hRgeAX8tY0Od3zdoGCw=
=fDN8
-----END PGP SIGNATURE-----
