Shoot, sorry wrong message please accept my apology for the blunder.
Renee Lee
-----Original Message-----
From: Lee, Dana-Renee
Sent: Monday, September 20, 1999 3:06 PM
To: 'Ben Nagy'; '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Is Private Network & Internet on same FR
Circuit Ok?
Here is a question no one has asked yet:
Do you want to trust a firewall on an OS as unsecurable as
NT is??
Renee Lee
-----Original Message-----
From: Ben Nagy [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 19, 1999 8:29 PM
To: '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Is Private Network &
Internet on same FR Circuit Ok?
AFAIK There is no IOS command on normal
routers (dunno about the huge stuff)
that will let you see the actual packet
_body_. Even if one has exec on the
router.
As to whether you should encrypt in this
situation, I guess it depends on
what your data is. If it's employee ICQ,
then maybe not. If it's my medical
records or financial transactions, then
maybe you should.
There do exist boxes that you can put on a
frame relay line that will dump
the entire traffic. Or you can just get to
the data when it passes through
copper / fibre somewhere. I guess the
question is whether you trust the
security of the physical access to the data
path.
Alternatively, there may be non-Cisco
routers in the cloud - can anyone
speak for the other brands that are around
in telcos / large ISPs? What if
one of those gets compromised?
You ask what the security risk is if you
don't use encryption...what is the
downside if you do? With the hardware cards,
even the baby Ciscos will ship
A Goodly Amount of data with 56-bit DES. Is
your pipe so big that the
performance hit will cripple you?
Cheers,
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411
520
> -----Original Message-----
> From: Joe Ippolito
[mailto:[EMAIL PROTECTED]]
> Sent: Monday, 20 September 1999 5:06 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Is Private Network &
Internet on same FR Circuit Ok?
>
> Another scenario with a similar concern.
>
> Internet
> |
> |
> Router
A-------PVC------Router B
> |
|
> |
|
> DMZ A----Firewall A
Firewall B-----DMZ B
> |
|
> |
|
> Site A
Site B
>
> The purpose of this configuration is to
provide a third-world site (Site
B) tier-one Internet connectivity (not
available locally) through a large US
site while providing intra-company
connectivity between the two sites with
the same WAN connection. An advantage is
that site B would retain local
access to its own self-administered DMZ.
Both firewalls have routable
external addresses along with the adjacent
router interface and the Internet
side of router A. The PVC between Routers A
and B have only private
addresses (e.g. 192.168.x.x.) Both
firewalls do IPSec VPN's with many other
sites. Is it really necessary to do DES
encryption for communication
between sites A and B? What is the security
risk if we do not? Is it
possible to hack a Cisco router and sniff
clear data packets?
>
> Thanks
-
[To unsubscribe, send mail to
[EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the
message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
