[j-nsp] Re: Running a code on router
Michael Shields
shieldszero at aol.com
Thu Jan 12 16:43:37 EST 2006
On 12 Jan 2006, at 21:23, Richard A Steenbergen wrote:
> I would have thought they would implement it like securelevels,
> where you would need to change a configuration and reload the router
> or otherwise do something noticeable to return to an unprotected
> state after you have activated the protection. If there is
> absolutely no way to disable this (hidden or otherwise), I suspect
> there will be a lot of annoyed power users. Then again, what's new. :)
Unfortunately, those likely to use weak passwords and leave their
routers ssh-accessible are also those who are least likely to notice
a reload or config change. So if there is going to be a knob to
enable running unsigned code, it ought to be really hard to turn,
maybe requiring physical access to the router. Otherwise the first
person to crack a password will just turn off the signature checking,
and then Juniper might as well not have implemented it at all.
--
Michael Shields
Sr. Systems Programmer
AOL Network Security
[not formally speaking for AOL]