So I’ve been playing around with DokuWiki in my free time, and wow, is it easy to use. It’s both feature-full and light at the same time. It’s a breeze to install and configure, and ready to go out of the box. Plugins are a breeze to install, and there isn’t a great amount of configuration to worry about. It’s just simple. I like how namespaces can be dynamically added and removed without configuration. Give it a go…
Monthly Archives: March 2010
Why using SSH won't secure your network
SSH is a wonderful protocol / tool which I use every day. It gives a user secure communication between hosts. Amongst its many features, it allows people to securely execute commands, copy files and tunnel network traffic. Using SSH rather than telnet to configure and access devices is a great step up, and unlike telnet, passwords and secure information are encrypted.
But just because you’ve enabled SSH on all your devices doesn’t mean your network is any more secure. SSH is only one of many changes that need to be made in order to have a secure network.
Network Management
Most network management software still accesses your devices using insecure techniques (some of which are listed below). What’s the use of SSH when your network management polls the device insecurely every 5 minutes?
Keys
A simple thing overlooked in most SSH setups is that keys are never logged or saved, nor is private/public key authentication used. So when you have 500 network devices and connect to one, people get into the habit of just accepting SSH keys without looking at them. A simple ARP man-in-the-middle attack could then allow a user to grab your password without any work.
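The check that gets skipped when keys are accepted blindly can be automated: record each device’s key fingerprint once, then compare it with what the device presents later. This is an added example, not from the original post; the host names, key bytes and the one-key-per-device inventory are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_line(host, raw32):
    """Build a 'host keytype base64' line from 32 raw bytes (sample data only)."""
    parts = (b"ssh-ed25519", raw32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(b64_blob):
    """Fingerprint as OpenSSH prints it: SHA256:<unpadded base64 of the digest>."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(presented_lines, pinned):
    """Return {host: status}: ok, MISMATCH, unpinned (no record) or missing."""
    results = {}
    for line in presented_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _keytype, blob = line.split()[:3]
        if host not in pinned:
            results[host] = "unpinned"
        elif fingerprint(blob) == pinned[host]:
            results[host] = "ok"
        else:
            results[host] = "MISMATCH"  # key changed: investigate before logging in
    for host in pinned:
        results.setdefault(host, "missing")  # recorded device presented no key
    return results

# Constructed sample data: keys recorded when three hypothetical devices were installed.
RECORDED = [make_line(f"sw{i}.example.net", bytes([i]) * 32) for i in (1, 2, 3)]
PINNED = {l.split()[0]: fingerprint(l.split()[2]) for l in RECORDED}

# Constructed scan result: sw2 presents a different key, sw9 was never recorded,
# sw3 did not answer.
PRESENTED = [
    RECORDED[0],
    make_line("sw2.example.net", b"\xee" * 32),
    make_line("sw9.example.net", b"\x09" * 32),
]

if __name__ == "__main__":
    for host, status in sorted(audit(PRESENTED, PINNED).items()):
        print(f"{host:18} {status}")
```

Lines in the same `host keytype base64` form are what `ssh-keyscan` prints, so its output can be fed to `audit`. The pinned values should be collected over a trusted path such as the console.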
File Transfer
So you need to upload a config file. Simple, I’ll just TFTP or FTP it. Maybe you might even HTTP it across. Well, there you go: all the work of installing SSH on all your devices has been wasted. This can easily be fixed with either SCP, HTTPS or FTPS.
SNMP
The commonly used SNMPv2 and v1 have no encryption support. Most devices are set up with SNMPv2 and v1 rather than SNMPv3, which supports encryption. SNMP can be used to monitor and set configuration options on most devices.
Vulnerabilities in software
Sounds pretty stupid, but why would an attacker bother with SSH when they can just exploit a page? It’s annoying, but IOS and other software need to stay updated.
Routing Protocols
Routing protocols really need to stay on routed links. Having OSPF running on general access VLANs is not a good idea. It makes a man-in-the-middle attack very easy.
Spanning Tree
Spanning Tree can easily be disturbed and be used for malicious activities. BPDU Guard really needs to be enabled on access ports, otherwise you’ll be in trouble.
These simple fixes will in fact make your network more secure than SSH would.
200th post – SLA's for the next 100.
Well, it’s finally here. My 200th blog post, 150th comment and 300th spam comment. To celebrate I have decided to look at my current SLA and plan for the next 100. Hopefully the new SLAs will improve the quality and frequency of blog posts.
- At least one post for every year, up to Year 2011
- Written by either a Monkey or proofread by one
- Be completely letters C,O and 2 free by 2212
If you have any issues with the quality of my blog you can contact Marvin [ Manager of Monkey Slave Co Team 2 ].
Habari Review
Habari is an open source blogging platform that runs on top of PHP. I thought I would give it a go for a few side projects since WordPress and WordPress mu (soon to merge) were getting overly kludgy. Habari states on their website that their stable build isn’t really all that stable. It’s more of a Beta than a release, so I wouldn’t run anything production on it.
To me, Habari looks like what the WordPress team would have created if they could go forward in time to look at the beast they have created. The best part of Habari is how light it is, and how well set out everything is. Habari setup is straightforward and can be pointed at several different types of database servers. Less than 5 minutes and I had a blog up and running. Another 2 minutes and I had a second blog running off the same install. With the way the system is set out, you can make changes that apply to all blogs or just one. It’s very light and simple to use. It appears that the community is making tons of great themes and plugins, and I find that Habari will grow to the point where it takes over WordPress. As long as it doesn’t become kludgy like WordPress, I think it’s a great competitor.