Guys, I think Jack is talking 'bout a kind of connection with no ISP
involved. A direct dial-up connection.
Jack: as far as I know the technies at the Telcos monitor traffic no
regular basis (I used to do it :-| )
You dont have to forget that every time a modem connection is made through
the PSTN
I quite agree with you on performing an analysis of the risk, in the first
place.
If the remote access is being used just to connect to an stand alone server
which holds no-confidential data, then it may be OK not to use encryption.
Unfortunately, most of the time this is not the case.
Use encryption. It won't hurt you.
Jor
PD. Moreover ----> Listen to your systems auditor. I think he is on your
side.
Henry Sieff <[EMAIL PROTECTED]>@Lists.GNAC.NET on 20/04/2001 13:37:59
Sent by: [EMAIL PROTECTED]
Destinatario(s): 'Ron DuFresne' <[EMAIL PROTECTED]>, Henry Sieff
<[EMAIL PROTECTED]>
cc: 'Jose Nazario' <[EMAIL PROTECTED]>, "Mogren, Jack L."
<[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Fecha: 20/04/2001 11:37:59 EST
Asunto: RE: Remote Access and the need for Encryption
___________________________________________________________________________
Absolutely: I still think its better to have encryption than to not. I
seem to remember (maybe it was the FWWIZ list) a discussion about the
need to log whether or not certain files were being scp'ed out of a
network. Thats what I was thinking about.
More than anything, I was just pondering the "what-ifs". You can have
users who are trusted for remote access, but not restricted in what
they can do within that remote access. Those restrictions could be
enforced at the end-point, but once the encryption's in place, its
difficult to tell whether the user has somehow sidestepped those
restrictions through observing the traffic (which is the point of
encryption, but as I said, I was simply pondering the trade-offs).
Henry
> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 11:33 AM
> To: Henry Sieff
> Cc: 'Jose Nazario'; Mogren, Jack L.; '[EMAIL PROTECTED]'
> Subject: RE: Remote Access and the need for Encryption
>
>
>
> Henry, though,one can get an idea of what those users are doing at
the
> inside endpoint, if required one can monitor what commands
> and processes
> are unleashed upon the inside endpoint. Now, oif the users are not
> trustworthy, then what are they doing with the ability yo do
> remote access
> in the first place.
>
> Thanks,
>
> Ron DuFresne
>
>
> On Fri, 20 Apr 2001, Henry Sieff wrote:
>
> > Of course, on the flip side of the equation:
> >
> > Once you encrypt, you can no longer tell what YOUR users are doing
> > within that encrypted channel. Something to think about. . .
> >
> > Henry
> >
> > > -----Original Message-----
> > > From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, April 20, 2001 10:28 AM
> > > To: Mogren, Jack L.
> > > Cc: '[EMAIL PROTECTED]'
> > > Subject: Re: Remote Access and the need for Encryption
> > >
> > >
> > > actually, yes.
> > >
> > > several ISPs have had their systems compromised and the data
> > > that travels
> > > their networks sniffed. this includes login and password
> > > combinations, and
> > > also sensitive documents. while its rare that the kiddies
> > > know what to do
> > > with these documents, are you willing to risk that?
> > >
> > > given the ease with which it can be set up, an encrypted
> > > tunnel between
> > > remote users and the home office makes sense. you don't know
> > > the networks
> > > you are traversing, you don't know their security, but you do
know
> > the
> > > security needs of the information you are sending over the
> > > wire, which is
> > > to say its sensitive data.
> > >
> > > while you may not feel someone is targetting you (ie FBI, NSA,
the
> > > Moussad, organized crime or what have you), you can bet your
> > > bottom dollar
> > > that its possible that someone is listening on those
> > > untrusted networks.
> > > why leave the information up for grabs?
> > >
> > > ____________________________
> > > jose nazario
> > > [EMAIL PROTECTED]
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
----------------------------------------------------------------
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any review, retransmission, dissemination or
other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is prohibited. If you received this in error, please contact the
sender and delete the material from any computer.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
