Security Basics mailing list archives

Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618

From: Justin Pryzby <justinpryzby () users sf net>
Date: Tue, 24 Jun 2003 21:34:48 -0700

If you are connecting to the firewall host through an unknown/insecure
network, then the owners of that network will be able to see your
password.

If you are connecting to the firewall host through a local network, and
are connected through a hub (rather than a switch), than local users
(with root/admin privledges) will be able to see your password.

Justin
On Wed, Jun 25, 2003 at 01:42:02AM +0000, Hilal Hussein wrote:




Hello All,

i am not sure if i am asking the right question within the same subject,but
i am configuring the firewall throught the telnet connecting / from winxp
workstation.

Is there any possibility for any internal user to use any tools that will
haijack my telnet password - password for the firewall too!, and what are
the measurements for securing the telnet session.

with regards,
Hilal Hussein

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
    
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
         
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Damon McMahon (Jun 19)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Ansgar Wiechers (Jun 20)
- RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 dave (Jun 20)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Anders Reed Mohn (Jun 20)
- <Possible follow-ups>
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Hilal Hussein (Jun 24)
  - RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Joe Osborn (Jun 25)
  - Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Brad Mills (Jun 25)
  - Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 James Fields (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Justin Pryzby (Jun 25)