Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risks of File Transfer on a Fully Switched Network

From: wcon <wcon () CONNCOLL EDU>
Date: Wed, 30 Nov 2005 09:03:41 -0500
Ever hear of ³man in the middle attacks², arps are broadcasts, a switch
won¹t save you unless it can prevent these (i.e. Cisco 4500 or better).



On 11/30/05 8:19 AM, "Chad McDonald" <chad.mcdonald () GCSU EDU> wrote:


Call me paranoid, but I disagree.  We had this debate at GC&SU until I
demonstrated the ability to sniff a switched network.
 
Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Office    478.445.4473
Cell       478.454.8250
 


From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU]
Sent: Tuesday, November 29, 2005 2:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Risks of File Transfer on a Fully Switched Network



I am being told that the risk of transferring sensitive files over our
InTRAnet is so low that we should not require encryption for these internal
file transfers. Transferring over the Internet in the clear is clearly a
problem, but are others willing to share your position on the transmission of
sensitive data in the clear internally (assuming a fully switched network)??

Thanks... 

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&amp;search=0x91E38EFB>
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&amp;search=0x91E38EFB>
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Previous By Date Next
Previous By Thread Next

Current thread: