Jim, just to be contrary, how can a single provider, or even multiple
provider frame clouds be compromised as easily as internet traffic?
What are some of the specifics of danger of compromise of any private
network versus the internet?
Those bad people can't, for example, do DDoS attacks against your private
network, except via the internet connection. It is that same internet
connection that is the source of major compromises of corporate networks
nationwide.
What are some of the specific security issues you see on private networks,
as compared to public networks?
Chuck
Just being contrary, in the hopes of learning something :->
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim
Brown
Sent: Monday, January 08, 2001 8:47 AM
To: 'Brian Lodwick'; [EMAIL PROTECTED]
Subject: RE: Frame Relay Security
There should not be different levels of encryption for traffic depending on
whether its frame or Internet transient. Your traffic is open to compromise
on the Internet or in a providers frame cloud. From a security viewpoint
neither one is more secure than the other.
It really boils down to acceptable risk vs. cost.
Just remember, you can never eliminate risk. There are always holes in your
security.
Any individual who is asking themselves should I use DES/3DES on a frame
connection should stop and look to see if they have a modem bank behind
their firewall.
Your security is only a strong as the weakest link.
-----Original Message-----
From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 07, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Frame Relay Security
Group,
Which then I believe should obviously lead into the discussion- if VPN's
are today's PVC's then would it be appropriate to say that traffic
transported over the public internet with such a protocol as IPSec is just
as safe? and how do you know your enemies aren't working for that frame
provider -if they are using single DES they had better hope not. Are there
protocols now capable of providing enough security encryption for extremely
sensitive traffic to transit the public internet?
>>>Brian
>From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Frame Relay Security
>Date: Sun, 7 Jan 2001 13:37:09 -0500
>
> >I understand most of the benefits of frame relay, but I am wondering if =
> >there are any security problems assoicated with this protocol? Is it =
> >secure enough for unencrypted transfer of financial or sensitive =
> >information? Any help understanding the security risks associated with =
> >frame relay appreciated.
> >
> >-- Kevin
>
>Is a dedicated line secure enough for unencrypted transfer of
>financial or sensitive information?
>
>Answer: It depends.
>
>People often assume that frame is somehow shared when "dedicated
>lines" are not. From Chapter 5 of my _WAN Survival Guide_,
>
> >All too many users have an intuitive belief that if they were to
> >pull on the London end of a London to New York circuit, wires would
> >wiggle in Manhattan. The reality, of course, is that any network of
> >complexity beyond a very simple LAN involves one or more layers of
> >virtualization onto real media. At the OSI lower layers,
> >virtualization usually involves multiplexing, but various name and
> >address mapping functions provide virtual structure as one moves up
> >the protocol stack.
>
>Typically, frame PVCs and T1's run over exactly the same media from
>the customer site to the telco end office. Once at the end office,
>they are multiplexed. T1 is far too slow for economical data
>transmission between modern telco offices. Both the T1 and the frame
>circuits typically will be multiplexed onto facilities at least at
>DS-3, and usually OC-12 to OC-192. So much beyond the local loop,
>there really isn't much difference between frame and dedicated.
>
>Interpretations in the US HIPAA legislation for medical data tend to
>allow unencrypted traffic to flow over dedicated and frame, but not
>the public Internet. The Federal Reserve, however, tends to want
>end-to-end encryption regardless of the media, historically single
>DES. Military traffic would be bulk encrypted and possibly
>end-to-end encrypted as well.
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
