Penetration Testing mailing list archives
RE: Leased Lines
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Tue, 13 Oct 2009 14:46:36 -0400
Sure, you can tap into them. The "banana plugs" on the smartjack are one way to go. You can also tap into the traffic from the pole outside the building (or the network access box or whatever you have outside). It's also possible to tap into that traffic from any point it passes through like the phone company's buildings. Now, the question really isn't "can it be done" 'cuz basically, it can always be done;) It's how hard is it to get the data and how valuable is it. If you're the DOD, maybe an unencrypted T1 isn't going to be the best option because you have data that some people want and some of those people (other countries) have large budgets. If on the other hand, you'd a church with barely the budget to get the T1 in the first place and you don't have any PII (Personally Indentifiable Information) and the only thing that goes across the T1 is the order of service for Sunday morning (ok, ridiculous example) but I don't think you need the encryption. You're probably someplace in the middle;) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sebastiaan Sent: Monday, October 12, 2009 5:43 AM To: pen-test () securityfocus com Subject: Leased Lines Hi, I'm looking for any information related to the security of leased lines, specifically if it is feasible to eavesdrop on them outside a companies building. What would it take to do it? I'm having a debate about the use fullness of encryption on leased lines and the use of strong authentication for the PPP session and such. I understand there are always risk assessment/costs aspects to security issues, but I'm currently focused on the technical side of things :) Reg. Seb ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Leased Lines Sebastiaan (Oct 13)
- RE: Leased Lines Shenk, Jerry A (Oct 13)
- RE: Leased Lines Craig Wilson (Oct 15)
- Re: Leased Lines David Howe (Oct 15)
- Re: Leased Lines Wim Remes (Oct 15)
- <Possible follow-ups>
- RE: Leased Lines Gorgon Beast (Oct 15)
- Re: Leased Lines Elizabeth Greene (Oct 19)