Educause Security Discussion mailing list archives
Re: Risks of File Transfer on a Fully Switched Network
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 30 Nov 2005 09:11:21 +1300
Sadler, Connie wrote:
I am being told that the risk of transferring sensitive files over our InTRAnet is so low that we should not require encryption for these internal file transfers. Transferring over the Internet in the clear is clearly a problem, but are others willing to share your position on the transmission of sensitive data in the clear internally (assuming a fully switched network)??
There are many tools and techniques that can fool switches into spraying traffic all over the network. Switches are not designed as security devices, they are designed to work in a nice 'sane' environment. If you don't want people to intercept data while in transit across your network then you must encrypt it. End of story. Aside: To some extent the same argument applies to VLANs but at least most vendors treat VLANs as security technology and try to engineer them to withstand attack. (Speaking as one who is currently involved in a major project to partition our internal network using VLANs and virtual firewalls). VLANs do buy you more security but no where near as much as the vendors would like have you believe. Russell. Cheers, Russell
Current thread:
- Risks of File Transfer on a Fully Switched Network Sadler, Connie (Nov 29)
- <Possible follow-ups>
- Re: Risks of File Transfer on a Fully Switched Network Julian Y. Koh (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Ken Layng (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Ken Connelly (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Richard Gadsden (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network David Gillett (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Chad McDonald (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network wcon (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network jack suess (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Dunker, Mary (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Flynn (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Huba Leidenfrost (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 30)
(Thread continues...)