|On occasion, engineers and customer support folk from our site go out
|into the big bad world, and want to get back into the network via the
|Internet connection. There are some obvious advantages to this - cost,
|convenience and speed being the most significant. This activity is
|usually done from a customer site that is connected to the Internet.
|
[ ... ]
|
|It seems like the only safe way to do this is to actually give the
|remote user an encrypted telnet capability so that even the clear
|passwords aren't sniffable at the remote site. Given this, I have
|two questions:
|
|1) Am I *too* paranoid about all of this? Are we going too far?
|
|2) If not, what are the restrictions for running encrypted telnet
| in other countries? Should we be concerned about this?
You've got more options other than encrypted telnet: like perhaps a
smart card with a one-time-only password. It might be a little hard
and cost something, but it's another option. Yet another option is
other one-time password technologies, such as S/Key (but I don't know
if there are any international restrictions). Then you have the bastion
host idea as well.
karyn