customers and web servers and level one naps

Curtis Villamizar writes:

It is possible though admitedly not easy to secure a Unix machine
quite tightly (and still put some services on it allowing it to do
some useful work) since the services needed for remote administrative
access can be fully encrypted. It is not possible to secure a router
from the major router vendors at the present time since administrative
access involves telnet access where the open TCP session has full
priviledges and remains "in the clear" for long periods of time and
ready for hijack.

If (and only if) you're competent to secure a Unix box, this is pretty
easy to deal with. Put one on a private wire with the router, connect to
it in a secure encrypted fashion (kerb or ssh, these days?), and from
there cleartext telnet to the router is fine.

Of course, it costs money. But you can get away with one box and one
private net for all the routers in one location, assuming all the routers
are in the same security zone.