[NTLUG:Discuss] Strange iptables problem on CentOS 4.4

steve sjbaker1 at airmail.net
Sun Feb 18 23:51:50 CST 2007


. Daniel wrote:

> I guess I can sort of understand what you're trying to say, but I don't 
> fully understand the benefits.  For example, at a previous job, I couldn't 
> telnet into most of the Linux boxen, but ssh was available.  By default, 
> even when telnet is available, root isn't available as a user.  However, 
> with ssh, it is.  I have never set up ssh before.  It either is or it isn't 
> as far as I know.  So as far as I am concerned, ssh is rather like https.  
> The two points have established an encrypted link.

Telnet needs to *die* - it's 100% obsolete.  ssh isn't perfect but it's
a heck of a lot better than nothing.

Telnet was designed for use inside a little private network within
one building maybe.  It's a lot older than the Internet and there is
a strong case to be made for deleting it along with every copy of its
source code that we can find!

With telnet, your data (including your password) goes across to the
other computer in plaintext.  So anyone with any moderate amount of
skill and/or interest can find out what your password is on the remote
machine.  Once they know that, they can also telnet in, pretend to be
you and do an awful lot of damage.  This damage might include installing
their own software onto that machine to use it as a base for launching
Spam, DDOS attacks and all manner of other horrors USING YOUR ACCOUNT.

Not only is this dangerous for you - but it's also exceedingly
antisocial because it gives the bad guys more computers to launch
their attacks from.

So it's not just about you - it's about being a good netizen.

ssh encrypts everything.  There may have been a time when this was
a significant burden in terms of CPU time - but these days the CPU
is so much faster than the network that it really doesn't matter
much except (perhaps) in the most demanding situations.

So - get used to it.  ssh and tools like scp are the way things
should be done...as the barest minimum.

> But fundamentally, I have to wonder about perceptions.  Is it better to use 
> something you don't fully understand simply because other people do?  Or is 
> it better to understand what you're doing?  I have always subscribed to the 
> latter as the former never made much sense to me.  Been like that since I 
> was a little boy though, so maybe it's just me.

When the consequences only affect you - then it's your call - but when
it affects us all, you owe it to the community to use at least a
minimally secure tool.

ssh/scp are really easy to use and most (if not all) Linux/UNIX systems
have them installed.  It shouldn't take you 20 minutes to learn all you
need to know about them.  They aren't secure enough for military-grade
secrets - but for what you are likely to use them for, they are pretty
secure.



