[SATLUG] OT: Router-related question

redpill toddwbucy at grandecom.net
Wed Feb 10 20:39:15 CST 2010


On Wed, 2010-02-10 at 17:50 -0600, Don Wright wrote: 
> >>> No ssh? How do you admin headless boxes?  --Don
> 
> redpill replied:
> >> through a serial port if you have a halfway decent router.
> 
> Bruce added:
> >You could also burn EEPROMs and replace them.
> >
> >There is always a trade off between security and convenience.
> 
> Great suggestions. How do you implement them on a virtual device located
> somewhere in the Cloud? Notice I didn't confine my query to small home
> devices. 
> 
> It sounds like you're saying SSH is so insecure it shouldn't be used
> even in non-critical situations. If so, what is the replacement?  --Don
> 
I wouldn't say that SSH is insecure, its not.  My point is that SSH or
for that matter any form of encrypted communication is only as secure as
the practices that surround their use.  SSH encryption can be cracked
(http://www.youtube.com/watch?v=7CP-JB4QARo), SSL can be cracked
(http://www.youtube.com/watch?v=7kQ_nTRt37c), and its getting easier and
easier to do so.
I understand that stuff has to get done and these protocols will be used
what I am saying is that you should never think that just because you
are using HTTPS or SSH you secure.
In the above scenario All someone would need to do is run a tcpdump (say
tcpdump -nXSe -s 1545 -c 5000 -t port 443 -w somefilename) scp the
capfile out of the network.  once the cap file is out of the network it
can be analyzed and decrypted at the cracker's leisure.
the point is your never as secure as you think you are.

Todd



More information about the SATLUG mailing list