Hi all,
A front gate keeps cattle of the lawn. A front door keeps welcome strangers from
entering my house. A lock on the bedroom door may protect me a night. Something
stronger would be needed to ensure my wife was safe.
I guess what I am trying to say is the greater your level of risk the stronger your
security must be. Knowing that data crosses public networks has one being a little
more careful about what is sent there. Private networks accross or between countries
become a problem as all the data at the point it leaves the carrier is multiplexed
between switches. There is usually no distinction between the type of data being sent
(Although some carriers may provide special services this would probably not occur
between countries). Often there is no way for the carrier to tell what type of data
is being sent. (if they could it might present a security risk).
It should not be the carriers responsibility to look after the security of an
individuals data but to make the best effort to ensure it gets to the right person.
This is no different to sending a parcel in the mail.
It is strange though that throughout all my studies and my networking career
statistics seem to point that the greatest risk is from within. Usually because this
is where most feel security is not required.
This stuff goes round and around. It seems to me that the security of data is
ultimately the responsibitly of the end devices. I thought that is why end to end
encryption was developed.
Just some views.
Teunis,
Hobart, Tasmania
Australia
On Monday, January 08, 2001 at 04:24:11 PM, Chuck Larrieu wrote:
> Jim, just to be contrary, how can a single provider, or even multiple
> provider frame clouds be compromised as easily as internet traffic?
>
> What are some of the specifics of danger of compromise of any private
> network versus the internet?
>
> Those bad people can't, for example, do DDoS attacks against your private
> network, except via the internet connection. It is that same internet
> connection that is the source of major compromises of corporate networks
> nationwide.
>
> What are some of the specific security issues you see on private networks,
> as compared to public networks?
>
> Chuck
> Just being contrary, in the hopes of learning something :->
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim
> Brown
> Sent: Monday, January 08, 2001 8:47 AM
> To: 'Brian Lodwick'; [EMAIL PROTECTED]
> Subject: RE: Frame Relay Security
>
>
> There should not be different levels of encryption for traffic depending on
> whether its frame or Internet transient. Your traffic is open to compromise
> on the Internet or in a providers frame cloud. From a security viewpoint
> neither one is more secure than the other.
>
> It really boils down to acceptable risk vs. cost.
>
> Just remember, you can never eliminate risk. There are always holes in your
> security.
>
> Any individual who is asking themselves should I use DES/3DES on a frame
> connection should stop and look to see if they have a modem bank behind
> their firewall.
>
> Your security is only a strong as the weakest link.
>
> -----Original Message-----
> From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 07, 2001 8:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Frame Relay Security
>
>
> Group,
> Which then I believe should obviously lead into the discussion- if VPN's
> are today's PVC's then would it be appropriate to say that traffic
> transported over the public internet with such a protocol as IPSec is just
> as safe? and how do you know your enemies aren't working for that frame
> provider -if they are using single DES they had better hope not. Are there
> protocols now capable of providing enough security encryption for extremely
> sensitive traffic to transit the public internet?
>
> >>>Brian
>
> >From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
> >Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Frame Relay Security
> >Date: Sun, 7 Jan 2001 13:37:09 -0500
> >
> > >I understand most of the benefits of frame relay, but I am wondering if =
> > >there are any security problems assoicated with this protocol? Is it =
> > >secure enough for unencrypted transfer of financial or sensitive =
> > >information? Any help understanding the security risks associated with =
> > >frame relay appreciated.
> > >
> > >-- Kevin
> >
> >Is a dedicated line secure enough for unencrypted transfer of
> >financial or sensitive information?
> >
> >Answer: It depends.
> >
> >People often assume that frame is somehow shared when "dedicated
> >lines" are not. From Chapter 5 of my _WAN Survival Guide_,
> >
> > >All too many users have an intuitive belief that if they were to
> > >pull on the London end of a London to New York circuit, wires would
> > >wiggle in Manhattan. The reality, of course, is that any network of
> > >complexity beyond a very simple LAN involves one or more layers of
> > >virtualization onto real media. At the OSI lower layers,
> > >virtualization usually involves multiplexing, but various name and
> > >address mapping functions provide virtual structure as one moves up
> > >the protocol stack.
> >
> >Typically, frame PVCs and T1's run over exactly the same media from
> >the customer site to the telco end office. Once at the end office,
> >they are multiplexed. T1 is far too slow for economical data
> >transmission between modern telco offices. Both the T1 and the frame
> >circuits typically will be multiplexed onto facilities at least at
> >DS-3, and usually OC-12 to OC-192. So much beyond the local loop,
> >there really isn't much difference between frame and dedicated.
> >
> >Interpretations in the US HIPAA legislation for medical data tend to
> >allow unencrypted traffic to flow over dedicated and frame, but not
> >the public Internet. The Federal Reserve, however, tends to want
> >end-to-end encryption regardless of the media, historically single
> >DES. Military traffic would be bulk encrypted and possibly
> >end-to-end encrypted as well.
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
--
www.tasmail.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
