I think that we could probably come up with thousands of different ways
to compromise the security of an internal network. What about actually
securing it? One of the easiest things that I have seen done was
implement an IPSec-based LAN. The setup was simple.
From the outside in:
router -
On 2 Aug 2002, Kenneth E. Lussier wrote:
From the outside in:
router - firewall - FreeS/WAN gateway - encrypted traffic to LAN.
Each machine on the LAN had its own keypair that was registered with
the gateway, so when a desktop was fired up, it would authenticate
itself to the gateway,
Ben Boulanger said:
On 2 Aug 2002, Kenneth E. Lussier wrote:
From the outside in:
router - firewall - FreeS/WAN gateway - encrypted traffic to LAN.
Each machine on the LAN had its own keypair that was registered with
the gateway, so when a desktop was fired up, it would authenticate
On Fri, 2 Aug 2002, Tom Buskey wrote:
There's always the DOD approach: put the network cables in conduit that
has a vibration alarm on it. Use 10base2, token ring, or FDDI;
something that detects a break and stops passing traffic if a splice is
made.
1) Unless I'm mistaken (something I'll
In a message dated: 02 Aug 2002 08:38:52 EDT
Kenneth E. Lussier said:
I think that we could probably come up with thousands of different ways
to compromise the security of an internal network. What about actually
securing it? One of the easiest things that I have seen done was
implement an
On Fri, 2002-08-02 at 12:11, Ken Ambrose wrote:
1) Unless I'm mistaken (something I'll readily concede if it's the case --
my time with Token Ring Hell^H^H^H^H^H^H^H^H^H United Parcel Service
was many moons ago), you could just splice the TR cable, plug it into
a MAU, and go from
On Fri, 2002-08-02 at 12:13, [EMAIL PROTECTED] wrote:
In theory, this is a great idea. However, keep in mind that:
Security = 1/productivity
In many corporate situations, especially engineering environments,
the implementation of a VPN would get in the way of development.
There
In a message dated: 02 Aug 2002 12:39:34 EDT
Kenneth E. Lussier said:
I'm not saying that there is *no* overhead, just that in a LAN
environment it is not a major factor.
Whether or not it's a factor depends upon what type of delay is
introduced vs. what is acceptable, and the definitions of
So, basically, be suspicious if anyone brings in a gaming console and
sets it up in the breakroom.
My favorite quote from this was:
Most organizations focus on the perimeter, said Davis. Once you get
through the outside, there's a soft chewy center.
Not a bad read. A little light on the
I'd think an old 386 would be a lot less noticeable and more disposable.
Heck, how about a floppy based system? Go up to an existing machine
already running on a Friday afternoon and boot. If it's a floppy, have
it erase itself after it boots. It'd probably run undetected until
Monday morning.