[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new ssh exploit?

To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new ssh exploit?
From: Cael Abal <lists@xxxxxxxxxx>
Date: Wed, 17 Sep 2003 10:44:00 -0400

SSH over VPN ? whould this be more secure or Telnet ( no i dont use this ) over VPN

Good morning Aditya,

Although I can't find any sources other than this at the moment, it's commonly understood that a significant number of malicious behaviour originates within an organization's internal network -- that is, your users are the bad guys. The article referenced below says 35%, but I have no idea where they got that number.

http://lists.insecure.org/lists/isn/2000/Jan/0011.html

That being the case, consider that VPNs only protect you across the public (untrusted) network. Once you hit your internal (untrusted) network, telnet sessions would be in the clear.

take care,

Cael


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] new ssh exploit?
  - From: Aditya

Prev by Date: Re: [Full-Disclosure] Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
Next by Date: [Full-Disclosure] VeriSign hires Omniture to snoop on typos
Previous by thread: RE: [Full-Disclosure] new ssh exploit?
Next by thread: RE: [Full-Disclosure] new ssh exploit?
Index(es):
- Date
- Thread