Firewall Wizards mailing list archives
summary on frame relay security questions:
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 2 Dec 1999 22:35:26 -0600 (CST)
Folks,

Here's a summary of the replies to the questions I put forth to two of the firewalls lists, concerning security and frame relay, with an emphasis on private FR, and the replies generated over the course of the last few weeks:

There were between both lists, I believe 19 individual replies, the lists might not have seen all the replies as I received a few in private. Sorting through those, I dropped 3 as content was not really topical nor insightful as pertained to the topic. 4 others were more ponderings of the potential threats and leaned more towards additional requests for information concerning the topic. 2 more were then excluded as being more in depth repeats of information already contributed. This left 10 meaty replies.

Most folks tended to respond that security of the FR cloud was pretty solid, unless one either had access to the provider's equipment or a customer's access point. I have heard nothing concerning freely available tools to do this, and all the information I have on the matter points to a high-end traffic analyzer being needed to get at at least the LMI level of the traffic to be included in scarfs. But, the cost of a high-end traffic analyzer is not all that unaffordable these days, there were prices mentioned of 1-3k <US>, I recall higher costs, but, those were back 8-9 years past.

Thus your main risks appear to be the telco/ISP <local authorities?> itself and their security perimeter. Misconfiguration appeared a few times as not only possible, but mentioned as factual happenings of leaking information down the wrong pipe. Any clients of the cloud and their security perimeter, with either 'not so nice'<TM> business intentions or a rogue employee with access, pose the same threat threshold. It was a few times emphasized that the issues get to be more interesting as endpoints traverse provider and national boundaries.

There were replies that mentioned the possibilities of DOSing out others in the cloud as being one of the easiest attack methodologies <same as IP traffic in general>, though, there was mention also of social engineering actually having been successful in gaining the re-routing of connection endpoints, though an example was not provided.

Interestingly, encryption of traffic was mentioned in only two of the replies <20%>. One of those, from someone that had FR access as provider/client/user was strong in claiming that FR traffic is rarely encrypted, and when it is, it is most often only financially directed information that gets any added manipulation to the payload. The other being emphatic that any publicly passed data requires encryption. This leaves one strongly with the impression that perhaps folks' paranoia often gets devoted most often towards directly connected Internet channels, and back-ends might often be considered 'safer'.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
testing, only testing, and damn good at it too!