Encryption is one way to secure the *transport* on the network (subject to
various caveats about appropriate use of crypto, trust issues, etc.).  I'd
strongly disagree with anyone who says that encryption "makes a network
secure" - because people interpret that to mean "if I encrypt the network, I
don't need to do anything else".  In fact, there are lots of other things you
need to do, such as authenticating the actions, ensuring you have adequate
audit trails, ensuring that there are no security vulnerabilities, etc.
Some people consider that to be host security as a separate topic, and so
for them, encryption *does* secure the network.  But I get nervous when
someone says encryption secures the network, lest it be considered as an
excuse to ignore all the other problems.

WRT the Marine Guards approach, years ago another approach was to run cables
through pressurized conduits with sensors to detect if anyone tampered with
the conduit before they could tap into the line.  No idea if this is still
done, or if there are new attacks possible (e.g., measuring the power
leakage from the conduits).  At that time, "Orange Book" evaluations weren't
allowed to rely on cryptography as a security measure, so a network
evaluation I worked on suggested using the Marine Guards approach.  Not that
we expected anyone to do it, but it was the only way to get past the
ridiculous requirement...

--Jeremy

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of ljknews
> Sent: Monday, March 06, 2006 8:00 AM
> To: Secure Coding Mailing List
> Subject: Re: [SC-L] Question about the terms "encrypt" and "secure"
> 
> At 12:35 PM -0500 3/5/06, William L. Anderson wrote:
> 
> > My question is whether it's more accurate to say "secure their network"
> > rather than "encrypt". I'm not clear myself about the meaning of these
> > terms; I think of encryption as being one way to make a network secure.
> 
> Another way that was described some years ago was Marine 
> Guards every 5 feet down the Thick Ethernet cable to prevent 
> unauthorized taps.  Of course that was by someone in the 
> cryptographic business :-)
> --
> Larry Kilgallen
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - 
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - 
> http://www.securecoding.org/list/charter.php
> 