Ascend Archive

Re: (ASCEND) security hole in p50



>> > The 3 levels of access are pointless because once you have the telnet password,
>> > it allows you to go into diagnostic mode and dump the p50's config to a
>> > tftp server, complete with all passwords for the unit....

I've lost track of who said this, but it's an incorrect statement. The 
default security profile must have Field Service access enabled to get 
into diagnostic mode using just the Telnet password. If you disable 
diagnostic access for the default security profile, knowing the Telnet 
password (or using the serial port) won't get you into diagnostic mode.

As with all network devices (Cisco, Ascend, Bay, etc.), the default level 
of access is no security at all. And it must be so or we'd all have a 
bunch of inaccessible routers lying around, so complaining that the 
default access permissions are too open is silly.

 -mel beckman



++ Ascend Users Mailing List ++