Quote:
Originally Posted by
sparcguy
Well I too agree with what you say as true but my bottom line is I have to pass this audit and my boss is anxious to pass the audit and so is the management, regardless of where they read up the info on the internet, whether they are amateur script kiddies or not THEY ARE THE AUDITORS and I have to comply.
Out of curiosity, did they tell you why you need to do this?
In my experience with audits (which is 2 audits in all my years doing this), when something has been recommended, the onus has been put on the auditors to tell us why it is needed, how can we accomplish it, and what guarantee they can give us that it will not break anything in our system.
Anyway, for easy fixes that don't require recompiling or messing around with the sshd binary, you could:
- Block telnet to port 22.
- Change the port sshd listens on.
- Comment telnet out of inetd.conf and HUP inetd.
A general comment: this is one of those things that I cannot understand about these "security experts". They want SAs to mess around with ssh, but they don't mind that telnet is running. If I'm a hacker, and I'm already inside your network, why would I want to mess around with the encrypted stuff when I have clear text flowing through the wire?
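The two configuration-level fixes from the list above (commenting telnet out of inetd.conf, moving sshd off port 22), scripted against copies of the files so the result can be checked before anything under /etc is changed. This is an added example, not code from the poster or from any vendor; it assumes a classic inetd.conf whose telnet line starts with the field "telnet" and an OpenSSH-style sshd_config where "Port" may be present, commented out, or absent. The firewall rule for blocking port 22 is platform-specific and is not included.

```shell
#!/bin/sh
# Added example, not code from the original thread. It scripts two of the "easy fixes"
# listed in the post (disable telnet in inetd.conf, move sshd off port 22) against
# copies of the config files, so the result can be inspected before the real files
# under /etc are touched and inetd/sshd are signalled.
# Assumptions: a classic inetd.conf whose telnet line starts with the field "telnet",
# and an OpenSSH-style sshd_config where "Port" may be present, commented, or absent.

# Comment out every active telnet service line in the inetd.conf given as $1.
disable_inetd_telnet() {
    tmp=$(mktemp) || return 1
    # Prefix a '#' only to lines whose first field is "telnet"; already-commented
    # lines and other services (ftp, finger, ...) are left untouched.
    sed -e 's/^[[:space:]]*\(telnet[[:space:]]\)/#\1/' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Exit 0 if the inetd.conf given as $1 still has an uncommented telnet line.
telnet_active() {
    grep -q '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Set the Port directive in the sshd_config given as $1 to $2. A commented
# "#Port 22" (OpenSSH's shipped default) is replaced in place; otherwise the
# directive is appended at the end of the file.
set_sshd_port() {
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*#*[[:space:]]*Port[[:space:]]' "$1"; then
        sed -e "s/^[[:space:]]*#*[[:space:]]*Port[[:space:]].*/Port $2/" "$1" > "$tmp" \
            && mv "$tmp" "$1"
    else
        rm -f "$tmp"
        printf 'Port %s\n' "$2" >> "$1"
    fi
}

# Print the port sshd would listen on according to $1 (22 when no Port line is set).
sshd_port() {
    p=$(awk '$1 == "Port" { v = $2 } END { print v }' "$1")
    printf '%s\n' "${p:-22}"
}

# Demo on constructed copies (sample contents, not taken from any real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample inetd.conf\n' > "$d/inetd.conf"
    printf 'ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd\n' >> "$d/inetd.conf"
    printf 'telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n' >> "$d/inetd.conf"
    printf '#Port 22\nProtocol 2\n' > "$d/sshd_config"

    disable_inetd_telnet "$d/inetd.conf"
    set_sshd_port "$d/sshd_config" 2222

    echo "--- $d/inetd.conf"; cat "$d/inetd.conf"
    echo "--- $d/sshd_config"; cat "$d/sshd_config"
    # On the real system the follow-up would be:
    #   kill -HUP "$(cat /var/run/inetd.pid)"   # inetd re-reads inetd.conf
    # followed by a restart of sshd so it binds the new port.
    rm -rf "$d"
}

demo
```

Run the script as-is to see the edited copies; to apply it for real, point the functions at /etc/inetd.conf and /etc/ssh/sshd_config, then HUP inetd and restart sshd from a session that is not itself going to be cut off by the port change.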