Educause Security Discussion mailing list archives

Re: Risks of File Transfer on a Fully Switched Network


From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 30 Nov 2005 09:46:55 -0500

jack suess wrote:

> Finally, all of that said, if you have a situation where you do a ftp
> between two internal servers and you can be certain that that network is
> secured I don't see a problem there. We have a situation where we ftp a
> file from our old administrative system to another internal server. They
> are on a restricted network that can't be accessed by regular campus
> users because of the firewall rules. I'm not losing sleep over that ftp
> happening in the cleartext.

I once took that viewpoint but no longer consider any system
trusted enough that I want it to have the ability to sniff
unrelated network traffic. Proliferation of systems on network
segments is common here and unrelated systems should not have
the ability to compromise each other when it can be avoided.
Otherwise, a single mistake can result in a stepping stone
attack through a data center. I suppose putting each system on
its own vlan or pvlan would be a mitigating solution but that
gets administratively messy, particularly when the systems
require different access controls. (Anyone doing it?)

Interestingly, I read recently that the DoD definition of a
"trusted system" is one that can break security.

The other thing I'm wondering about the original question
is the type of unencrypted communications taking place that
handle sensitive data. In this day and age of SSL-enabled
mail servers and ssh/scp support, exceptions to an "encrypt
all" policy should be rare and hopefully will either result
in pressure on vendors to get a clue or the Darwin/Intelligent
Design effects may solve the problem in the marketplace or
RFP stages.

I also don't see any reason not to have a policy specifying
that encryption be used that includes an exception process
with an associated approval process. The approval process
would serve not only to bring attention to the accepted risk,
but also to keep a record of those risks that could be
reviewed on a periodic basis to see if there are new solutions.
The documented exceptions could be taken into account
during such things as network design, network access control
setup, and monitoring setup to help mitigate the risk.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
