Tag: ACLs
Want to Use SSH but Still Need a Program to Use Telnet?
by admin on Jul.02, 2007, under Networking, Routers
So like most IT security minded people, I want to use SSH on everything I can, because with telnet your username and password are sent over the wire in clear text. Now I know most of you say, well, if you are internal, what does it matter if your password is sent in clear text? Who would be listening? Well, a lot of people could be: your boss, your fellow employee in IT, a rogue server, etc…
One thing that you can do to mitigate the threat is to make sure you are switching all your data, since a switch doesn’t broadcast most data like hubs do. That still leaves it open to people who have access to the network switches and can sniff your port or the port you are going to. So you can use SSH, since it is encrypted and that will protect you. Now, not everything supports SSH, both on the software side and on the hardware side. I can’t help with the hardware; if your switch or router doesn’t support SSH, either you have to buy a new IOS for it or stick to telnet at your own risk.
As for the software side, if you have a program that needs to connect to your network devices over telnet, it can’t be switched to SSH, and you really need it, listen up.
You can use the access-class command under line vty 0 4 to lock down which IPs have access to SSH or Telnet.
Example Commands:
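! ACL: telnet only from 10.10.0.5, SSH from anywhere, everything else denied and logged
ip access-list extended vty
 permit tcp host 10.10.0.5 any eq telnet log
 permit tcp any any eq 22 log
 deny tcp any any log
! Apply the ACL inbound on the vty lines
line vty 0 4
 access-class vty in
 transport input telnet ssh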
So that ACL would allow 10.10.0.5 to telnet to the network device and anyone to SSH. FYI, older versions of the IOS don’t allow you to use extended ACLs, so you would only be able to filter on IPs, not ports/services.
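To check saved configs for vty lines that still accept telnet without this kind of restriction, here is an added example (not part of the original post). The function names and the sample config are constructed for illustration, and it assumes named extended ACLs and explicit "transport input" lines, as in the commands above.

```python
import re

# Constructed sample config: the post's ACL on vty 0 4, plus an unprotected vty 5 15.
SAMPLE = """\
ip access-list extended vty
 permit tcp host 10.10.0.5 any eq telnet log
 permit tcp any any eq 22 log
 deny tcp any any log
line vty 0 4
 access-class vty in
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
"""

# An ACE that lets any source reach telnet (explicitly, or via a blanket permit).
OPEN_TELNET = re.compile(r"permit (tcp|ip) any any( eq (telnet|23))?( log)?$")

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_vty(config):
    """Return findings for vty lines whose telnet access is not source-restricted."""
    blocks, findings = parse_blocks(config), []
    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        transport = next((c for c in body if c.startswith("transport input")), "")
        if not re.search(r"\b(telnet|all)\b", transport):
            continue  # only lines that explicitly accept telnet are checked
        acl = next((c.split()[1] for c in body
                    if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append(f"{header}: telnet accepted, no inbound access-class")
        elif f"ip access-list extended {acl}" not in blocks:
            findings.append(f"{header}: access-class {acl} is not defined here")
        else:
            findings += [f"{header}: {acl} opens telnet to any source ({a})"
                         for a in blocks[f"ip access-list extended {acl}"]
                         if OPEN_TELNET.match(a)]
    return findings
```

Calling audit_vty(SAMPLE) flags only line vty 5 15, which accepts telnet with no access-class applied.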
Amazon S3 - File Transfer Program
by admin on May.07, 2007, under Software
I have been looking far and wide for a good free file transfer program (not FTP, different protocol) for Amazon S3. S3 only has an API, not an interface for you to upload your files. Since I am not a developer and can’t make a program to use their API, I need to find one. Free is the best.
I have played with quite a few, and it seems like most of them out there either have really fast transfers with the worst interface you have ever used, or the interface is great and the transfers are dog slow. The other class of programs I have been finding are backup programs; I don’t want to just make backups, I want to be able to pick and choose what I put up there and change rights.
I finally found what I was looking for, a product called Sissle. This program has blazing fast transfers, a great user interface and all the features you could want for basic transfers. You can set up your ACLs, it supports file structures, and it functions basically like an FTP program, just using Amazon’s API.
I just started using it this morning so if I find any major problems I will update this post. So far it is great!