Re: [fw-wiz] security of private leased lines

From: Paul Robertson (proberts_at_patriot.net)
Date: 08/28/03

  • Next message: Clark, Steve: "[fw-wiz] IPSEC behind 5XT"
    To: Kilaru Sambaiah <sambaiah@antaares.com>
    Date: Thu, 28 Aug 2003 16:12:08 -0400 (EDT)
    
    

    On Thu, 28 Aug 2003, Kilaru Sambaiah wrote:

    > Dear Members,
    > I am managing point to point leased lines. They not connected
    > to the internet lines. What kind of security systems I require to
    > think, and implement? Any pointers are helpful.

    Like all things security, the answer is "it depends."

    If you trust your carrier at each end and if applicable, any interexchange
    carriers, then probably not much, unless the line protocol is something
    that's historically leaky like Frame Relay or ATM. Remember "not
    connected to the Internet" isn't true of the carrier systems between your
    equipment and the other end. Neither is physically secure, and
    potentially "accessed only by people I trust."

    If your data isn't all that important, then same answer. Depending on
    your data's importance/longevity, you'll want to increase the protection a
    little to a whole bunch.

    If your data is important, then you'll want to use an encrypted channel
    between the endpoints. If you don't have the same level of administrative
    control, security policy, or physical access at each end, then you'll want
    some sort of firewalling at each end of the connection as well.

    Doing encrypted channels right requires a good understanding of key
    managment, key change intervals, etc. If you're not up on that stuff, and
    the network/information is important, then you really should consult
    somone who's done it before.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Clark, Steve: "[fw-wiz] IPSEC behind 5XT"

    Relevant Pages

    • Re: Need help with remote access solution
      ... Across that connection you can establish ... customer that has outgoing internet access. ... but what makes it different (from a security point of view) ... Remote access can be via a modem, via a VPN into the DMZ, or by any other ...
      (comp.dcom.vpn)
    • Re: IIS, homenetwork, teenager, sercurity
      ... Firewall. ... connection is giving you some hardware firewall protection. ... it is a good idea to have any PC that is connected to the internet ... Microsoft plugs their security holes with a patch ...
      (microsoft.public.inetserver.iis.security)
    • Re: pop ups from messenger services
      ... and Sasser Worms that still haunt the Internet. ... ignoring or just "putting up with" the security gap represented by ... Messenger Service of Windows ... firewall and WinXP's Internet Connection Sharing feature. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: pop ups
      ... and Sasser Worms that still haunt the Internet. ... ignoring or just "putting up with" the security gap represented by ... Messenger Service of Windows ... firewall and WinXP's Internet Connection Sharing feature. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Wireless Laptop connections dropping intermittently
      ... i.e. all forms of security entirely, and still have the same issue. ... trying to type my response in, because my connection keeps dropping. ... You state that the Internet drops but you are connected. ... If so then take all the Laptops to the same room with the Router, ...
      (microsoft.public.windows.vista.networking_sharing)