Firewall Wizards mailing list archives

Re: Frame relay security


From: sedayao () orpheus sc intel com (Jeff Sedayao)
Date: Mon, 20 Apr 1998 17:18:59 -0700 (PDT)

Dear Wizards,
 
I am working on a very big job where we are putting in firewalls in
three datacenters on three continents. Bigcorp currently has all its
intersite traffic going over Frame relay world wide and does not encrypt
it. We said, that is a very bad idea as your data has a very high value
if it gets out ahead of the announcements. You should encrypt it, better
than that you should put your site to site traffic through these nice
firewalls that we are putting in for you and not only encrypt it but use
the firewalls to control access between sites.
 
They said, we asked our frame relay provider if they are secure and they
said yes and we believe them. I said, they can say that but I don't
believe it for a minute.
 
So to cut a long and tedious conversation short I would very much like
to hear from anyone stories of how frame relay connections have been
tampered with so that the traffic can be listened to. Listening is
enough, the data does not have to be changed.
 
E.g. a long time ago I heard a story of how an ISDN connection between
two sites was listened to by sending in a false maintenance note that
meant that the engineer put the switch into maintenance mode. Mr
eavesdropper then was able to connect to the maintenance interface of the
switch and listen to everything going past.
 
Any info would be good, specific cases with names changed to protect
the not so innocent would be better. Please feel free to send me
specifics under cover of the woefully inadequate export grade SMIME key.
For the truly paranoid you can find a man's strength key at
www.belsign.com
 
Thanks for your time.
 
One story that I heard about didn't have anything to do with tampering,
but is scary enough to really make one think about encrypting the frame
relay traffic.  This was related to me by someone I was working with on
a project who used to do security at another company here in Silicon Valley.  
At his old company, he was notified that packets from a large financial house 
were coming into the corporate internal network.  He checked the company's 
firewalls, and they were not the problem.  Packets were leaking into the 
company from the company's frame relay connections on their internal net.  
Apparently, the financial house also used frame relay, and somehow their 
packets made it over into the other company.  This was a big financial
house, so some of those packets could have contained very profitable
information.

So the lesson here is you don't know who is listening, and even if there
aren't deliberate attempts at eavesdropping, you might lose data from
accidental leakage.  Also, who knows how often this happens?   The wise
thing to do is encrypt.

Lyndon David

P.S. There was a big frame relay outage last week.  See

http://www.news.com/News/Item/0,4,21272,00.html?st.ne.fd.mdh
http://www.att.com/press/0498/980414.bsd.html
-- 
Jeff Sedayao
Intel Corporation
sedayao () orpheus sc intel com


