Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ABOVE.NET SECURITY TRUTHS?

  • From: Danny McPherson
  • Date: Fri Apr 28 17:22:37 2000


IMO, it requires more than this.  Ideally, one-time, token-based (i.e. SecurID)
passwords, coupled with SSH, is the best solution, especially with the turnover
rates at providers these days.  

Of course, this also requires that all the backend (RADIUS, configuration management,
etc..) and out-of-band systems are secure, which is another rathole altogether.

As for this incident, well, I think if the intial intent of the 
"divulging message" was simply to remind folks to change their 
passwords, the points been made.

-danny

> 
> I don't think you can.  However, I use TACACS on all my switches and 
> routers.  From what I know, TACACS passwords are encrypted using the key on 
> your network devices and the TACACS server.  So, that, in combination with 
> a private management LAN not accessible by your customers should lock down 
> your network pretty effectively.  Any comments?





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.