Michael R. Jinks wrote:
> Martin Forssen wrote:
>
>> But as Damien pointed out in this case they are just deluding themselves
>> if they tink they stop file-transfers by disallowing ssh while still
>> allowing telnet.
>
>
> As I read the post, they don't expect to stop file transfers, only
> hidden ones -- they want to be able to monitor all of the traffic across
> their firewall (even if that means attackers can easily do so as well).
>
> They can snoop telnet, ftp et al; they can't snoop s[cp|sh] from
> host-to-host.
I think that what it comes down to is "Who so you trust?". This may be
the best way to present it to your boss or network nazi's. Do you trust
you employees (who, at least in theory, have some loyalty to the
company, and hopefully won't lift company secrets over secure
connection), or do you trust Joe Cracker (Who almost ccertainly has no
loyalty to the company, and cis much more likely than a regular employee
to be able to installll secure channels of his own to steal company
data.)? With SSH you are putting far more trust in your emploees,
without it you putting all your trust int he crackers.
>
--
Thank you,
Trevor Antczak
Network Administrator II
Tulane University Math Dept.
[EMAIL PROTECTED]
(504) 862-3457
