A few days ago I mentioned in a post that the business has requested an exemption for the use of rcp and rsh, I also pointed out that this wasn’t really to be encouraged as given the previous experience with the business this wouldn’t be a short term solution to a problem. Imagine my surprise today when some one from one of the business support teams stopped by my desk, his reason for stopping – “How do I implement SSH using keys on the estate?”
Not wanting to spoil his day I explained what was involved and said that I’d send him a brief how to, off he went leaving me completely bewildered. The benefits of using SSH are well understood, particularly when we have plain text files with financial data being moved around on a regular basis. Just the fact that the data is encrypted is a massive benefit, on the legacy network these files are moved around in the plain using rcp, rsh and ftp.
Obviously these protocols leave a little to be desired in the security department, but nearly 30 years ago (40 in the case of ftp) there wasn’t any real concept of security. So no consideration was given to it other than the most rudimentary authentication methods, things have moved on quite a bit now and we all know how dangerous the cyber sphere can be. When someone comes along wanting to actually do something about it, they could be said to be “Going for broke!” Hopefully they will manage to accomplish the task, well before someone works out that it’s going to cost money. The IT Security team will or should be pleased, but probably will have some kind of problem with it. But they’ve already told us that the mission statement is, “To be ready for Audit!” – I really hope that they are.