Penetration Testing mailing list archives

RE: Leased Lines

From: "Craig Wilson" <craig.wilson () redtray co uk>
Date: Wed, 14 Oct 2009 08:36:13 +0100

Hi Seb,

It can certainly be tapped into, though the fact that it's a leased line
makes it less easy to do. Basically you are dealing with just one
(usually) supplier and so you just need to worry about their security
standards rather than the Internet in general. I'd suggest any
connection that you would deem 'corporate' needs to be encrypted in some
way. Obviously you lose a little performance as soon as you start to
encrypt and if you have Cisco devices on the end-points you will want
encryption cards in them.

Craig



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Sebastiaan
Sent: 12 October 2009 10:43
To: pen-test () securityfocus com
Subject: Leased Lines

Hi,

I'm looking for any information related to the security of leased
lines, specifically if it is feasible to eavesdrop on them outside a
companies building. What would it take to do it?

I'm having  a debate about the use fullness of encryption on leased
lines and the use of strong authentication for the PPP session and
such.

I understand there are always risk assessment/costs aspects to
security issues, but I'm currently focused on the technical side of
things :)

Reg.

Seb

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Leased Lines Sebastiaan (Oct 13)
- RE: Leased Lines Shenk, Jerry A (Oct 13)
- RE: Leased Lines Craig Wilson (Oct 15)
- Re: Leased Lines David Howe (Oct 15)
- Re: Leased Lines Wim Remes (Oct 15)
- <Possible follow-ups>
- RE: Leased Lines Gorgon Beast (Oct 15)
  - Re: Leased Lines Elizabeth Greene (Oct 19)