Educause Security Discussion mailing list archives
Re: Risks of File Transfer on a Fully Switched Network
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 30 Nov 2005 09:46:55 -0500
jack suess wrote:
Finally, all of that said, if you have a situation where you do a ftp between two internal servers and you can be certain that that network is secured I don't see a problem there. We have a situation where we ftp a file from our old administrative system to another internal server. They are on a restricted network that can't be accessed by regular campus users because of the firewall rules. I'm not losing sleep over that ftp happening in the cleartext.
I once took that viewpoint but no longer consider any system trusted enough that I want it to have the ability to sniff unrelated network traffic. Proliferation of systems on network segments is common here and unrelated systems should not have the ability to compromise each other when it can be avoided. Otherwise, a single mistake can result in a stepping stone attack through a data center. I suppose putting each system on its own vlan or pvlan would be a mitigating solution but that gets administratively messy, particularly when the systems require different access controls. (Anyone doing it?) Interestingly, I read recently that the DoD definition of a "trusted system" is one that can break security. The other thing I'm wondering about the original question is the type of unencrypted communications taking place that handle sensitive data. In this day and age of SSL enabled mail servers and ssh/scp support, exceptions to a "encrypt all" policy should be rare and hopefully will either result in pressure on vendors to get a clue or the Darwin/Intelligent Design effects may solve the problem in the marketplace or RFP stages. I also don't see any reason not to have a policy specifying that encryption be used that includes an exception process with an associated approval process. The approval process would serve not only to bring attention to the accepted risk, but also to keep a record of those risks that could be reviewed on a periodic basis to see if there are new solutions. The documented exceptions could be taken into account during such things as network design, network access control setup, and monitoring setup to help mitigate the risk. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Re: Risks of File Transfer on a Fully Switched Network, (continued)
- Re: Risks of File Transfer on a Fully Switched Network Julian Y. Koh (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Ken Layng (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Ken Connelly (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Richard Gadsden (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network David Gillett (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Chad McDonald (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network wcon (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network jack suess (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Dunker, Mary (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Flynn (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Huba Leidenfrost (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Bradley Ellis (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Cal Frye (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Scholz, Greg (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Robert Kerr (Dec 02)
- Re: Risks of File Transfer on a Fully Switched Network Alan Amesbury (Dec 06)