Is packet sniffing for passwords on a fully switched network really a concern?

Solution 1:

It is a reasonable concern, as there are tools that accomplish ARP poisoning (spoofing) and allow you to convince computers that you are the gateway. An example of a relatively easy-to-use tool would be ettercap, which automates the whole process. It will convince their computer that you are the gateway and sniff the traffic; it will also forward packets, so unless there is an IDS running, the whole process might be transparent and undetected.

Since these tools are available to the kiddies it is a fairly large threat. Even if the systems themselves are not that important, people reuse passwords and might expose passwords to more important things.

Switched networks only make sniffing more inconvenient, not hard or difficult.
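The answer above notes that ARP poisoning can go unnoticed unless an IDS is watching. As an added example (not part of the original answer), here is a minimal sketch of the kind of check such monitoring performs: parse ARP frames, remember the first MAC seen for each IP, and flag an IP that changes owner or a MAC that answers for several IPs. The class and function names, the addresses and the sample frames are all constructed for illustration.

```python
import struct

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpMonitor:
    """Tracks first-seen IP->MAC bindings and reports conflicts (hypothetical helper)."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        mac, ip = parsed
        alerts = []
        known = self.bindings.setdefault(ip, mac)
        if known != mac:  # an address that already had an owner is claimed by another MAC
            alerts.append(f"{ip} was {known}, now claimed by {mac}")
        others = sorted(i for i, m in self.bindings.items() if m == mac and i != ip)
        if others:  # one MAC answering for several IPs
            alerts.append(f"{mac} also answers for {', '.join(others)}")
        return alerts

def make_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build the bytes of a constructed ARP reply frame for the sample below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # opcode 2 = reply
    return (mac(dst_mac) + mac(src_mac) + b"\x08\x06" + header
            + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip))

# Constructed sample traffic (locally administered MACs, private addresses).
GW, HOST, PC = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:20"
SAMPLE = [
    make_reply(GW, "10.0.0.1", PC, "10.0.0.20"),     # gateway answers the PC
    make_reply(HOST, "10.0.0.66", PC, "10.0.0.20"),  # another host answers for itself
    make_reply(HOST, "10.0.0.1", PC, "10.0.0.20"),   # same host now claims the gateway IP
]

def run_sample():
    monitor = ArpMonitor()
    return [monitor.observe(frame) for frame in SAMPLE]

if __name__ == "__main__":
    for alerts in run_sample():
        print(alerts)
```

Legitimate events such as DHCP reassignment, a replaced network card or a multi-homed host trigger the same alerts, so a real deployment needs an allowlist or pinned bindings for the gateway.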

Solution 2:

Yes, but it's not just because of your use of Telnet and your weak passwords; it's because of your attitude towards security.

Good security comes in layers. You should not assume that because you have a good firewall, your internal security can be weak. You should assume that at some point in time, your firewall will be compromised, the workstations will have viruses, and your switch will be hijacked. Possibly all at the same time. You should make sure that important things have good passwords, and less important things do too. You should also make use of strong encryption when possible for network traffic. It's simple to set up, and in the case of OpenSSH, makes your life easier with the use of public keys.

And then, you also have to watch out for the employees. Make sure everyone's not using the same account for any given function. This makes it a pain for everyone else when someone gets fired and you need to change all the passwords. You also have to make sure that they don't fall victim to phishing attacks through education (tell them that if you ever asked them for their password, it would be because you've just gotten fired and you don't have access anymore! Anyone else has even less reason to ask.), as well as segmenting access on a per-account basis.

Since this seems to be a new concept to you, it's probably a good idea for you to pick up a book on network/systems security. Chapter 7 of "The Practice of System and Network Administration" covers this topic a bit, as does "Essential Systems Administration", both of which I recommend reading anyway. There are also entire books dedicated to the subject.

Solution 3:

Yes, it is a big concern, as with some simple ARP poisoning you can normally sniff the LAN without being physically at the right switch port, just as in the good old hub days - and it's very easy to do too.