Re: security of private leased lines

[Paul Robertson <proberts () patriot net>]

On Thu, 28 Aug 2003, Kilaru Sambaiah wrote:

>   Dear Members,
>      I am managing point to point leased lines. They not connected
> to the internet lines. What kind of security systems I require to
> think, and implement? Any pointers are helpful.

Like all things security, the answer is "it depends."

If you trust your carrier at each end and if applicable, any interexchange 
carriers, then probably not much, unless the line protocol is something 
that's historically leaky like Frame Relay or ATM.  Remember "not 
connected to the Internet" isn't true of the carrier systems between your 
equipment and the other end.  Neither is physically secure, and 
potentially "accessed only by people I trust."

If your data isn't all that important, then same answer.  Depending on 
your data's importance/longevity, you'll want to increase the protection a 
little to a whole bunch.

If your data is important, then you'll want to use an encrypted channel 
between the endpoints.  If you don't have the same level of administrative 
control, security policy, or physical access at each end, then you'll want 
some sort of firewalling at each end of the connection as well.

Doing encrypted channels right requires a good understanding of key 
managment, key change intervals, etc.  If you're not up on that stuff, and 
the network/information is important, then you really should consult 
somone who's done it before.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards