Re: [foxboro] Go Global security issue

  • From: "Corey R Clingo" <clingoc@xxxxxxxxxxxxx>
  • To: foxboro@xxxxxxxxxxxxx
  • Date: Fri, 16 Jan 2004 10:30:37 -0500

Yes, it's possible to "sniff" the username/password with Telnet, as it is
sent as cleartext, but modern switched networks make this somewhat more
difficult.  Further, anything you type while in GoGlobal (like passwords to
change environments) may likely also be "sniffed".

The most widely-used answer to your dilemma is the SSH (Secure Shell)
protocol.  For a good, free implementation, check out OpenSSH for your AW,
available on sunfreeware.com.  Nothing is sent as cleartext, and it will
tunnel just about any TCP-based protocol over an encrypted channel (i.e.,
hard to "sniff").  It may even come with Solaris 8, but I'd probably still
get the sunfreeware version because it is newer (with security-related
software, you want as many bugs to be fixed as possible).

Windoze PC clients include the previously-mentioned PuTTY (free), OpenSSH
itself running in the Cygwin environment (also free), and SecureCRT (about
$100 I think), among others.

We use OpenSSH for session establishment and tunneling of the X protocol to
Exceed on the PCs.  Works great, but some applications (ICC, Display
Builder/Configurator, etc.), because of the funky way the I/A software runs
them, require more effort for the tunneling.  GoGlobal, unlike Exceed, sets
up a local X server I believe, and uses its own protocol to communicate to
the PC (more like VNC) so it ought to be somewhat easier to set up the
tunnel.  I don't have GoGlobal, though, so I can't say for sure.

Corey Clingo
BASF Corp.




"Penndorf, Rocco (RP)" <RPPenndorf@xxxxxom>
Sent by: foxboro-bounce@freelists.org
01/16/2004 01:47 AM
Please respond to foxboro

To:  "'foxboro@xxxxxxxxxxxxx'"
cc:
Subject:  [foxboro] Go Global security issue




Hello list,

I've got a security question regarding GoGlobal. I've heard that the Telnet
program (GoGlobal is using telnet to establish a session to the host machine)
does not code the username and password information when sending to the
host machine. So, I've been told, it is possible by using a sniffer program
to find out usernames/passwords just by "listening" to the network traffic. I
really don't know what kind of "hacker" knowledge somebody must have to intrude
into an enterprise network and catch password information, but I think it's
worth raising the question and asking for your experiences.

Questions:

(1) Is there a chance to make GoGlobal more secure?
(2) Are there better (more secure) solutions on the market (please provide
examples).


Best Regards

_______________________________
Rocco Penndorf
Sr.Process Control Engineer / Acrylic Acid Plant
DOW - Boehlen
Tel.: +49 (0) 34206-8-7524
Fax: +49 (0) 34206-8-7522
E-Mail: rppenndorf@xxxxxxx




_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
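
Why the Telnet login discussed in this thread is readable on the wire, as an added example that is not part of the original posts: once the Telnet option negotiation (RFC 854 IAC sequences) is stripped, the prompts and echoed input are plain ASCII, whereas an SSH stream shows only an identification line followed by opaque bytes. The byte streams, the `operator` account name and the function names are constructed for illustration.

```python
# Added example: both streams below are constructed, not real captures.
IAC, SE, SB = 255, 240, 250
NEGOTIATE = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: each takes one option byte

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Return the application data of a Telnet stream with IAC sequences removed."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:              # capture ends in the middle of a command
            break
        elif data[i + 1] == IAC:      # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3
        elif data[i + 1] == SB:       # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:                         # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)

def cleartext_login_exposed(server_to_client: bytes) -> bool:
    """True if login and password prompts are readable as plain text."""
    text = strip_telnet_negotiation(server_to_client).decode("ascii", "replace")
    return "login:" in text.lower() and "password:" in text.lower()

# Constructed Telnet server-to-client bytes: negotiation, banner, prompts.
TELNET_STREAM = (
    bytes([IAC, 253, 24])               # DO TERMINAL-TYPE
    + bytes([IAC, SB, 24, 1, IAC, SE])  # SB TERMINAL-TYPE SEND
    + bytes([IAC, 251, 1])              # WILL ECHO
    + b"\r\nSunOS 5.8\r\n\r\nlogin: operator\r\nPassword: \r\n"
)
# Constructed SSH server-to-client bytes: identification line, then opaque data.
SSH_STREAM = b"SSH-2.0-example_server\r\n" + bytes(range(128, 192))

if __name__ == "__main__":
    print(strip_telnet_negotiation(TELNET_STREAM).decode("ascii"))
    print("telnet exposed:", cleartext_login_exposed(TELNET_STREAM))
    print("ssh exposed:", cleartext_login_exposed(SSH_STREAM))
```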






 
 