Penetration Testing mailing list archives
RE: Leased Lines
From: Gorgon Beast <gorgonbeast () hotmail com>
Date: Wed, 14 Oct 2009 07:45:55 -0700
Sebastian, Surprisingly, I get asked this a lot. Certainly, it can be done (anything CAN be done). Anyone that has physical access to the cabling can put in a Y and examine traffic. This is, of course, more difficult that it sounds; trying to find the right wires in a bundle of 50,000 other wires, then getting your connector in there without setting off alarms is another matter. Or if the bad guy has access to the building, all bets are off. What it really depends on is what you are sending across. If you are a bank, or the IRS, then it would be a good idea to encrypt it too; these businesses have oodles of cash laying around, just waiting to be spent. If you are a small business sending files back and forth to your other office and it has no personally identifiable information in it, then it probably isn't such a high priority. Since most routers and firewalls have VPN technology built into them these days, it is generally a good idea to do it anyway, it doesn't appreciably slow anything down, and it just makes things that much more secure. Likewise for the strong authentication. John
Hi, I'm looking for any information related to the security of leased lines, specifically if it is feasible to eavesdrop on them outside a companies building. What would it take to do it? I'm having a debate about the use fullness of encryption on leased lines and the use of strong authentication for the PPP session and such. I understand there are always risk assessment/costs aspects to security issues, but I'm currently focused on the technical side of things :)
_________________________________________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. http://clk.atdmt.com/GBL/go/171222985/direct/01/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Leased Lines Sebastiaan (Oct 13)
- RE: Leased Lines Shenk, Jerry A (Oct 13)
- RE: Leased Lines Craig Wilson (Oct 15)
- Re: Leased Lines David Howe (Oct 15)
- Re: Leased Lines Wim Remes (Oct 15)
- <Possible follow-ups>
- RE: Leased Lines Gorgon Beast (Oct 15)
- Re: Leased Lines Elizabeth Greene (Oct 19)