I have read on OpenBSD's ( http://www.openbsd.org ) site about
U Mich.'s CITI Secure Packet Vault
( http://www.citi.umich.edu/projects/vault.html ), an OpenBSD
and a Linux machine pair that captures all packets,
encrypts them and stores this data on CD-ROM. In order to safeguard
against misuse,
"All data are encrypted to allow selective release of conversations, where
a conversation is defined as all communications between a pair of IP
addresses. Packet IP addresses are obscured by substitution, and packet
data are encrypted under a symmetric key unique to each conversation.
Material needed to reconstruct all conversations is remembered and
encrypted under the public key of a trusted third party."
Which would mitigate significantly any misuse of the recorded data.
spiff
On Mon, 16 Aug 1999, Burgess, Jeff wrote:
>
> Hey,
> I have a question regarding running a NIC card in promiscuous mode
> without any protocols bound to it.
>
> Scenario is, we want to place a "monitoring" machine on our internal
> network to watch things, the idea arose to put a second NIC in the box to
> put in our DMZ (*Sort of like dual homing the machine, but without any
> protocols bound to it*).
>
> Now, being the security "cop", this raised several red flags for me while my
> mind was screaming out "no way in hell!" but I couldn't come up with one
> solid reason as to why not, so they want to go ahead with it.
>
> What I'm looking for from some of you more knowledgeable gurus is a
> reason not to let this happen, or reassurances from you as to why this isn't
> a problem, as my synapses are all screaming at me like Spider-Man!!!
>
> ;-)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
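
The selective-release scheme in the quoted CITI description, sketched as an added example (not part of this thread and not the Packet Vault's own code). Assumptions: all function names are hypothetical, conversation keys and address pseudonyms are derived from one volume secret with HMAC-SHA256, and an HMAC counter-mode keystream stands in for a real cipher; wrapping the volume secret under the trusted third party's public key is not shown.

```python
import hashlib
import hmac
import os

# Hypothetical names throughout; HMAC-SHA256 derivation is an assumption.
def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def conversation_key(master: bytes, ip_a: str, ip_b: str) -> bytes:
    # A conversation is a pair of IP addresses, whichever direction a packet goes.
    return _prf(master, b"conv", "|".join(sorted((ip_a, ip_b))).encode())

def pseudonym(master: bytes, ip: str) -> str:
    # Keyed substitution: stable per address, meaningless without the master secret.
    return _prf(master, b"addr", ip.encode()).hex()[:12]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for a real cipher: HMAC in counter mode.
    blocks = (_prf(key, b"ks", nonce + i.to_bytes(8, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(master: bytes, src: str, dst: str, payload: bytes) -> dict:
    key, nonce = conversation_key(master, src, dst), os.urandom(16)
    body = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return {"src": pseudonym(master, src), "dst": pseudonym(master, dst),
            "nonce": nonce, "body": body, "tag": _prf(key, b"tag", nonce + body)}

def open_record(key: bytes, rec: dict):
    # Returns the payload, or None when the key belongs to another conversation.
    if not hmac.compare_digest(_prf(key, b"tag", rec["nonce"] + rec["body"]), rec["tag"]):
        return None
    stream = _keystream(key, rec["nonce"], len(rec["body"]))
    return bytes(a ^ b for a, b in zip(rec["body"], stream))

# Constructed sample traffic (documentation address ranges).
PACKETS = [("192.0.2.10", "198.51.100.7", b"GET /index.html"),
           ("198.51.100.7", "192.0.2.10", b"200 OK"),
           ("192.0.2.99", "198.51.100.7", b"unrelated traffic")]

def demo(master: bytes) -> list:
    vault = [seal(master, *p) for p in PACKETS]
    # Selective release: hand over the key for one address pair only.
    released = conversation_key(master, "192.0.2.10", "198.51.100.7")
    return [open_record(released, r) for r in vault]

if __name__ == "__main__":
    print(demo(os.urandom(32)))
```

The released key opens both directions of the one conversation and fails on the third record, which belongs to a different address pair.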