Agreed,
Some things are better to err on caution than on chance.
If your remote access to the network is not encrypted, then information AND
passwords are available for the internet world...same goes for FTP, etc.
transfers.
Further on the VPN subject, I have recently seen more companies employ VPN on
certain clients for internal transmissions, say for example communication
between CEO and CIO within the company network...
Bare Minimum (Software) for today's typical environment:
Firewalls, IDS, VPN (3DES), Gateway Antivirus and Desktop Antivirus. Again,
that should be the minimum.
Ken Day
eSTG Security
[EMAIL PROTECTED]
800-861-9430 x241
-----Original Message-----
From: Henry Sieff [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 20, 2001 12:38 PM
To: 'Ron DuFresne'; Henry Sieff
Cc: 'Jose Nazario'; Mogren, Jack L.; '[EMAIL PROTECTED]'
Subject: RE: Remote Access and the need for Encryption
Absolutely: I still think it's better to have encryption than to not. I
seem to remember (maybe it was the FWWIZ list) a discussion about the
need to log whether or not certain files were being scp'ed out of a
network. That's what I was thinking about.
More than anything, I was just pondering the "what-ifs". You can have
users who are trusted for remote access, but not restricted in what
they can do within that remote access. Those restrictions could be
enforced at the end-point, but once the encryption's in place, it's
difficult to tell whether the user has somehow sidestepped those
restrictions through observing the traffic (which is the point of
encryption, but as I said, I was simply pondering the trade-offs).
Henry
> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 11:33 AM
> To: Henry Sieff
> Cc: 'Jose Nazario'; Mogren, Jack L.; '[EMAIL PROTECTED]'
> Subject: RE: Remote Access and the need for Encryption
>
>
>
> Henry, though, one can get an idea of what those users are doing at the
> inside endpoint, if required one can monitor what commands and processes
> are unleashed upon the inside endpoint. Now, if the users are not
> trustworthy, then what are they doing with the ability to do remote access
> in the first place?
>
> Thanks,
>
> Ron DuFresne
>
>
> On Fri, 20 Apr 2001, Henry Sieff wrote:
>
> > Of course, on the flip side of the equation:
> >
> > Once you encrypt, you can no longer tell what YOUR users are doing
> > within that encrypted channel. Something to think about. . .
> >
> > Henry
> >
> > > -----Original Message-----
> > > From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, April 20, 2001 10:28 AM
> > > To: Mogren, Jack L.
> > > Cc: '[EMAIL PROTECTED]'
> > > Subject: Re: Remote Access and the need for Encryption
> > >
> > >
> > > actually, yes.
> > >
> > > > several ISPs have had their systems compromised and the data that travels
> > > > their networks sniffed. this includes login and password combinations, and
> > > > also sensitive documents. while it's rare that the kiddies know what to do
> > > > with these documents, are you willing to risk that?
> > > >
> > > > given the ease with which it can be set up, an encrypted tunnel between
> > > > remote users and the home office makes sense. you don't know the networks
> > > > you are traversing, you don't know their security, but you do know the
> > > > security needs of the information you are sending over the wire, which is
> > > > to say it's sensitive data.
> > > >
> > > > while you may not feel someone is targeting you (ie FBI, NSA, the
> > > > Mossad, organized crime or what have you), you can bet your bottom dollar
> > > > that it's possible that someone is listening on those untrusted networks.
> > > > why leave the information up for grabs?
> > >
> > > ____________________________
> > > jose nazario
> > > [EMAIL PROTECTED]
> > > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD
> > > 48 A0 07 80
> > > PGP key ID 0xFD37F4E5
> > > (pgp.mit.edu)
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>