Infosec rants. Your 'Daily Source' for Infosec Tips and Tricks (tm). Warning: Bad humour and unintended puns may follow.

Tuesday, March 07, 2006

Why replace telnet with SSH?

I still get asked this one from time to time, so here it is in writing for future reference.

Essentially, you might as well ask why you should replace any unencrypted protocol with an encrypted one. A detailed risk or cost-benefit analysis is probably unnecessary when you consider this question:

Do you trust the people you allow onto your network?

If the answer is no, and it really should be, then you should consider replacing any unencrypted authentication (HTTP Digest, FTP, Telnet) to your company's assets with more secure methods (HTTPS, SSH, SFTP).

If you can’t be convinced to distrust your staff, then I hope you have implemented Port Based Network Access Control (802.1x) or have really clever guard dogs at a minimum, because with the following freely available tool, anyone who manages to connect to your network will basically own it.

At its heart, Cain is an extremely comprehensive, yet easy to use, set of password cracking tools combined with a network sniffer. The latest feature to be introduced is truly frightening: automated ARP cache poisoning. For those of you who don't understand the significance of this you should read the following article:

Quite simply, it gets around one of the supposed security benefits of switched networks: the inability to sniff traffic destined for ports other than the one you are connected to.
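From the defender's side, poisoning leaves a visible trace: the IP-to-MAC bindings announced in ARP replies start changing, and one MAC begins answering for several IPs. The sketch below is an added example (not from the original post, and not Cain's code) that flags both patterns; the function name, the `flap_window` threshold and every address in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as read from ARP replies
# captured on one segment. All addresses are made up for illustration.
SAMPLE = [
    (0,  "192.168.1.1",  "00:11:22:33:44:01"),  # gateway
    (1,  "192.168.1.20", "00:11:22:33:44:20"),  # workstation
    (2,  "192.168.1.66", "00:11:22:33:44:66"),  # third host
    (30, "192.168.1.1",  "00:11:22:33:44:66"),  # gateway IP now claimed by the third host's MAC
    (30, "192.168.1.20", "00:11:22:33:44:66"),  # workstation IP claimed by the same MAC
    (31, "192.168.1.1",  "00:11:22:33:44:01"),  # real gateway still answering: binding flaps
]

def detect_arp_anomalies(observations, flap_window=300):
    """Flag IP->MAC bindings that change quickly and MACs that claim several IPs.

    flap_window (seconds, assumed value) suppresses slow, usually benign changes
    such as a DHCP lease being handed to a different machine the next day.
    """
    last_seen = {}                  # ip -> (mac, time of last reply)
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        prev = last_seen.get(ip)
        if prev and prev[0] != mac and ts - prev[1] <= flap_window:
            alerts.append(("binding_changed", ip, prev[0], mac, ts))
        last_seen[ip] = (mac, ts)
        ips_by_mac[mac].add(ip)
    # A host answering for the gateway and for its peers is the classic
    # man-in-the-middle position; routers and proxy-ARP devices need allowlisting.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE):
        print(alert)
```
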


Friday, February 10, 2006

Tip #1 - Never use customer data in a test lab. Or 'How to get Fired in Three Easy Steps'.

This is one that never ceases to surprise me. People, how hard is it to generate fake customer data? Wait, that gives me an idea. A 'Fake Customer Generator'. I'm going to get right on it.


Thursday, February 09, 2006

My Favourite Tools (smirk)

The obligatory posting of favourite security tools:
  • Nmap
    • The tool that has rocked many a world.
    • nmap -sI 4lyfe
  • Tcprelay
    • Great for knocking over flaky services
  • Nemesis
    • A bit like witchcraft for packets.
  • PuTTY (is there an alternative?!)
    • SSH Client.
  • Nessus
    • The lazy way.
  • PowerPoint
    • No jokes. The most effective way I know of explaining security to the PHBs other than knocking them over the head with a brick.
