[Gllug] Router under attack: help/advice needed
Iain M Conochie
iain at shihad.org
Thu Oct 22 10:10:02 UTC 2009
Tethys wrote:
> On Tue, Oct 20, 2009 at 11:20 PM, Nix <nix at esperi.org.uk> wrote:
>
>
>>>> - Limit logins to public key if possible
>>>>
>>> Please stop spreading that nonsense. It doesn't increase security.
>>>
>> Er, yes it does.
>>
>
> http://lists.gllug.org.uk/pipermail/gllug/2009-July/079554.html
>
This is, however, your opinion. Here you state:

Key pair:
- Protocol vulnerability allows sniffing of data.
- Private key is discovered by attacker through local exploit on client at any time.

Password:
- Protocol vulnerability allows sniffing of both data and password.
- Password is discovered by attacker through keylogging or similar on client at authentication time.

But you forget to mention that password authentication is also susceptible to brute force attacks due to bad passwords. This is the _main_ thing (IMHO) that keys help prevent, as if users are bad at having passphrases they are worse with passwords.

Of course this is a trade-off. All security is a trade-off (and usually with usability), as seen by the facetious remark:

Q. What is the first rule of network security?
A. Kill all your users.

Ta
Iain
> Tet
>
>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug