Firewall Wizards mailing list archives
Re: securing X.25 connection
From: Frank Willoughby <frankw () in net>
Date: Mon, 03 Aug 1998 19:44:26 -0500
At 11:24 AM 7/30/98 +0800, g wrote:
Hi, I have a requirement to connect our internal system (IP based) to a data feed through a X.25 connection. Any advise on how to secure this X.25 connection?
I used to have to secure X.25 connections frequently as an Information Security Officer in a previous life. There are several levels of security which are required to secure X.25 connections. 1 Establish an External Access Policy 2 Determine which DTEs will talk to which other DTEs 3 Determine who we trust and who we don't 4 Establish a Closed User Group (Benutzerbetriebsklasse - in Germany) This is where the Telecom provider will permit only authorized DTEs to talk to each other - everyone else is excluded. 5 Encrypt point-to-point using a encrypting routers or a decent VPN package (few are worth a hoot) 6 Put in a firewall at each end 7 Enable auditing (& logging) at the PAD and at the firewall 8 Document everything 9 Test everything *thoroughly* 10 Have a competent security ISO review all of the above *before* implementation The above is a good starting point. Obviously, there are many additional things we can do (network design, use X.25 features, etc.), but this will quickly digress from the charter of this list. Note: One could, theoretically, omit steps 5 & 6. I wouldn't because it means extending your circle of trust to an external entity. Omiting steps 5 & 6 assumes you trust your Telecomm provider to provide you with adequate security. (ROTFL) Personally, I haven't seen one that hasn't been cracked yet. As always, YMMV. FWIW, since you advertised to the entire planet (on which many hackers reside) what you are about to do, I would *strongly* recommend getting somebody competent to check & recheck what you are prosing to do (Item # 10). Cleaning up after a hacker has taken you out can be a real bear to deal with (I know, because I have had to help customers out of problems like this.) Good Luck! Best Regards, Frank The opinions of the author of this mail may not necessarily be representative of the opinions of Fortifed Networks, Inc. (c) Fortified Networks, Inc. - http://www.fortified.com/ Home of the Free Internet Firewall Evaluation Checklist Expert (vendor-neutral) Computer and Network Security Solutions Fixed Price Contracts - Expert Information Security Officers - Knowledge Transfer Phone: (317) 573-0800 Fax: (317) 573-0817
Current thread:
- securing X.25 connection g (Aug 02)
- Re: securing X.25 connection Ted Doty (Aug 03)
- Re: securing X.25 connection Adam Shostack (Aug 09)
- Re: securing X.25 connection Vanja Hrustic (Aug 03)
- Re: securing X.25 connection Ted Doty (Aug 03)
- Re: securing X.25 connection Bennett Todd (Aug 03)
- Re: securing X.25 connection Frank Willoughby (Aug 03)
- <Possible follow-ups>
- Re: securing X.25 connection ark (Aug 03)
- Re: securing X.25 connection Ted Doty (Aug 03)