RE: Leased Lines




Sebastian,

Surprisingly, I get asked this a lot. Certainly, it can be done (anything CAN be done). Anyone that has physical access to the cabling can put in a Y and examine traffic. This is, of course, more difficult that it sounds; trying to find the right wires in a bundle of 50,000 other wires, then getting your connector in there without setting off alarms is another matter. Or if the bad guy has access to the building, all bets are off.

What it really depends on is what you are sending across. If you are a bank, or the IRS, then it would be a good idea to encrypt it too; these businesses have oodles of cash laying around, just waiting to be spent.  If you are a small business sending files back and forth to your other office and it has no personally identifiable information in it, then it probably isn't such a high priority.

Since most routers and firewalls have VPN technology built into them these days, it is generally a good idea to do it anyway, it doesn't appreciably slow anything down, and it just makes things that much more secure.  Likewise for the strong authentication. 

John
 


Hi,

I'm looking for any information related to the security of leased
lines, specifically if it is feasible to eavesdrop on them outside a
companies building. What would it take to do it?

I'm having a debate about the use fullness of encryption on leased
lines and the use of strong authentication for the PPP session and
such.

I understand there are always risk assessment/costs aspects to
security issues, but I'm currently focused on the technical side of
things :)



_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/171222985/direct/01/
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Leased Lines
    ... I'm looking for any information related to the security of leased ... specifically if it is feasible to eavesdrop on them outside a ... companies building. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Leased Lines
    ... I'm looking for any information related to the security of leased ... specifically if it is feasible to eavesdrop on them outside a ... companies building. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... If there was no change then the security industry would be dead as the ... technology evolves so quickly that "new" technology is ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... holder globally and the most highly accredited Global Information Security ... Although technology moves on, many of the underlying foundations do not. ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)
  • Re: University plan
    ... Core Security Technologies ... Find a good 4 year undergraduate school, ... a full practical examination in order to become certified. ... Information Assurance Certification Review Board ...
    (Pen-Test)