Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risks of File Transfer on a Fully Switched Network

From: Ken Layng <kml18 () PSU EDU>
Date: Tue, 29 Nov 2005 14:55:14 -0500
Sadler, Connie wrote:



I am being told that the risk of transferring sensitive files over our
InTRAnet is so low that we should not require encryption for these
internal file transfers. Transferring over the Internet in the clear
is clearly a problem, but are others willing to share your position on
the transmission of sensitive data in the clear internally (assuming a
fully switched network)??



It seems as though the risk remains from the standpoint of compromised
internal machines.  It's not just internal users on the internal network
to be concerned with, but also imposters using internal network
resources, compromised accounts, that I would be concerned about.  I'd
suggest keeping that traffic encrypted.

--

Ken Layng
The Pennsylvania State University
ITS/TLT/Training Services
23 Willard
814-863-8800
kml18 () psu edu <mailto:kml18 () psu edu>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Previous By Date Next
Previous By Thread Next

Current thread: