
On 03/26/2016 11:32 PM, James Knott wrote:
On 03/26/2016 09:58 PM, David Thornton wrote:
"As for security, I do a fair bit of work with Cisco gear and am a CCNA. Telnet is very often used to configure them, which is plain text."
Oh god my eyes.
I don't recommend telnet, but many people do use it. However, it's not as risky as it used to be. Back in the days of coax or hub-based Ethernet, anyone could see all the traffic on the network. This made it easy to intercept IDs and passwords. With switches, in order to do that, you'd need one of those taps I mentioned earlier or management access to the switch. Of course, telnet still shouldn't be used over the Internet. Also, while some gear supports ssh, there is still a lot that's telnet-only.
Even with SSH, the first thing coming back from the switch is a set of well-defined headers and prompts, so I would be willing to bet that SSH on a switch is fairly crackable. A lot of the lower-end switches use an HTTP web interface, which is no more secure than telnet. Sadly, switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap OpenFlow switches, but that technology is still a few years away from permeating the SME market.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin@netvel.net ||