On Mon, Oct 07, 2002 at 04:02:35PM +0100, Trevor Cushen wrote:
> Hello all,
>
> Quick opinion based question. I have a switched internal network that
> currently uses a lot of rcp with rsh authentication to move files
> about. Platforms are unix and nt (ftp on the nt side)
>
> More secure is ssh and scp for all platforms, but I have several scripts
> that would all have to be re-written and a fair bit of setting up for
> all the clients and servers involved throughout the organisation.
>
> The question is this:
>
> On an internal network that is switched (making sniffing harder) is it
> worth going to SSH and SCP??????
>
> I am aware how to set it all up but the thing is, is it worth it. Bear
> in mind also that few people have passwords to the boxes and the only
> real threat is sniffing the traffic.

You must think SSH has some redeeming quality if you even ask the
question. Ponder that for a moment.

As to my generic two cents:

SSH is handy for interactive sessions where entering a password must
happen. I also like many of the features (X11 forwarding, so I don't
have to type that crap manually). Install ssh for telnet/rlogin
replacing and see how it goes. If you want to use it in scripts for the
security it provides, then you should make sure that it is used during
interactive sessions for the security it provides (or you wasted a lot
of time for little gain).

My less generic two cents:

Ask yourself "How likely is it that someone can sniff and alter clear
text data streams on my network?"

Then ask "How bad is it if they do?"

Then ask "With the same level of access required to sniff/alter data
streams on your network, could they do even more harmful things?"

If you deem a snowball in a hot underworld stands a better chance
sniffing packets on your network, then don't worry about it. Just be
aware that there is a non-zero chance that this can happen no matter
what you do (or don't do).

If the universe would end if someone saw (or corrupted) data as a
result of clear text transmission, then maybe a little bit of effort
now would be better in the long run.

If the people sniffing can do way more harm than sniffing with the
access needed for sniffing, then fix that before you add ssh to the
equation.

-----------------------------------------------------------------------
   __o      Bradley Arlt                    Security Team Lead
 _ \<_      [EMAIL PROTECTED]               University Of Calgary
(_)/(_)     I should be biking right now.   Computer Science
