Firewall Wizards mailing list archives
Re: Security of satellite links into an organisation
From: Tom <dod () muenster net>
Date: Fri, 26 Jan 2001 12:23:19 +0100
Hi,
Bandwidth in South Africa is expensive and the response times are not at all that great. We have decided that a good solution for surfing the net is via satellite. One of the SA ISPs offer this service. This would be the basic set-up, they supply a proxy (MS proxy) that they propose sits on the organisation's backbone network. The http request exits the organisation via our landlines to a proxy at the respective ISP. On exiting we obviously control the connection via the firewall we have in place. The ISP then sends the return WebPages to the organisation via the satellite dish. My question is what is the security risk of this set-up? We now have an unprotected pipe coming into the network. Agreed the hacker wouldn't get any responses since the dish can only receive (the responses would blocked by the land FW infrastructure). What risk would we be putting ourselves at?
AFAIK, it is relativly easy to eavesdrop on satellite communication, even for private persons who spent few thousand US$. (It nearly imposible to detect these guys.) An attacker could do traffic analysis, read senitive data and correlate insensitive data to useful information etc.. If you allow inbound logins via one-time-passwords or use weak key exchange protocols for encrypted logins, it may be posible to hijack valid inbound connections after the authentication has taken place. The link to the satellite isn't physicaly protected like a link throu a wire, so it's easy for an attacker to attack/eavesdrop on you. Bye, Thomas Biege _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Security of satellite links into an organisation Wigg, Guy G (Jan 25)
- Re: Security of satellite links into an organisation Tom (Jan 26)
- Re: Security of satellite links into an organisation Chris Keladis (Jan 26)
- <Possible follow-ups>
- RE: Security of satellite links into an organisation Randy Garbrick (Jan 25)
- RE: Security of satellite links into an organisation LeGrow, Matt (Jan 25)
- Re: Security of satellite links into an organisation dharris (Jan 25)
- RE: Security of satellite links into an organisation Wigg, Guy G (Jan 26)
- RE: RE: Security of satellite links into an organisation Safier, Adam (GEIO) (Jan 26)
- Re: Security of satellite links into an organisation Tom (Jan 26)