Unfortunately getting these security systems installed is more of a
political problem than a technical one. I happen to use kerberos and
ssh in my daily routine, so although _some_ of my packets were
sniffible, none of my passwords were. I happen to be one of the lucky
few who has made it through the politics of large companies to "open
up the firewall". Yes, corporate IT people see something even as
secure as SSH as 'opening the firewall'.
Clearly we need to teach the MIS/IT personnel about existing
techniques.
-derek
"William Allen Simpson" <[EMAIL PROTECTED]> writes:
>
> Catching up on email, I will point out that every major service provider
> is probably compromised to one degree or another as frequently as 3
> times per year from terminal rooms. For example, in addition to Usenix
> meetings: IETF meetings, NANOG meetings, and every other computer
> meeting or show that hosts an unsecured unswitched local net....
>
> At IETF, I've certainly known folks that have snooped the traffic from
> the terminal room. This is routine, over the past 5-6 years. The last
> time that I went (Chicago), such folks discovered that there was only
> one person on the net using IPSec (they tracked it down to me). They
> found nobody even using OTP.
>
> (heavy sigh) We go to all the trouble of designing these security
> techniques, but then don't use them in our own production environments!
>
> These were security folks, and I'm pretty sure they didn't save the
> passwords after laughing at them -- but anyone else in the room could.
> Remember, we have a lot more "unknown" folks attending.
>
> Meanwhile, I know that Merit and UMich reorganized the backbone topology
> a few years back after some major servers were compromised. Now, most
> traffic flows over links with no machines other than routers. General
> purpose servers are segregated, and on switched links to the extent
> practical.
>
> That doesn't help the dorms, or other public access unswitched networks
> on campus. And with MediaOne finally deploying cable access this year
> in Ann Arbor, I'd expect the whole kit and kaboodle to get worse before
> it gets better!
>
>
> > Date: Tue, 09 Mar 1999 17:19:24 +1100
> > From: Greg Rose <[EMAIL PROTECTED]>
> > I had no idea there had been so many, so well hushed up! MILNET, JANET (4
> > independent incidents in the UK in Q3 1995 alone), Panix and other ISPs,
> > several universities, the USENIX terminal room, ...
> >
> [EMAIL PROTECTED]
> Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
[EMAIL PROTECTED] PGP key available
