Firewall Wizards mailing list archives
Re: cost of frame relay snooping
From: C Matthew Curtin <cmcurtin () research megasoft com>
Date: Sat, 1 Nov 1997 16:36:38 -0500 (EST)
"Jyri" == Jyri Kaljundi <jk () stallion ee> writes:
Jyri> Do any of you think about this when you decide if a frame relay
Jyri> connection should buy VPN encryption software or not?

The issues regarding frame relay security are different from those of using the Internet as the conduit for VPNs. When someone offers frame relay service as a "more secure" alternative, he might very well be right, for a certain classification of attacker.

When deciding whether (and/or how) to encrypt that frame relay connection end-to-end, it's useful to return back to the basic principles of security. What's your policy? What's your threat model? What's the danger of someone sniffing the traffic? How much damage could a sniffer cause? How much does it cost to encrypt the line? Of course, asking questions like this is always a good idea, regardless of what you're planning to do to your network.

Now, the difficulty that an attacker will have in snooping your VPN link will vary, based on a number of factors. Typically, frame relay connections are provided to a site, router and all, from the service provider. The router is managed by the provider. One typically can't just hang any device on the network and start listening in.

When getting into specifics, the ease with which someone can snoop will vary depending on how the provider manages their network, what the topology of the network is, etc. My advice would be to have a discussion with an engineer from the provider who can answer topology questions and talk about security issues with you. Don't let 'em snow you with answers like "we take precautions"--find out what they do, and how it makes life difficult for an attacker.

--
Matt Curtin  Chief Scientist  Megasoft Online  cmcurtin () research megasoft com
http://www.research.megasoft.com/people/cmcurtin/  I speak only for myself
Keywords: Crypto Security Privacy Unix Internet Perl Java Death-to-spam