Isn't it usually the configuration in use and not the OS that leads to
vulnerabilities?
-----Original Message-----
From: Lee, Dana-Renee [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 20, 1999 1:09 PM
To: Ben Nagy; '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Is Private Network & Internet on same FR Circuit Ok?
Here is a question no one has asked yet:
Do you want to trust a firewall on an OS as unsecurable as NT is??
Renee Lee
-----Original Message-----
From: Ben Nagy [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 19, 1999 8:29 PM
To: '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Is Private Network & Internet on same FR Circuit Ok?
AFAIK There is no IOS command on normal routers (dunno about the huge stuff) that will let you see the actual packet _body_. Even if one has exec on the router.
As to whether you should encrypt in this situation, I guess it depends on what your data is. If it's employee ICQ, then maybe not. If it's my medical records or financial transactions, then maybe you should.
There do exist boxes that you can put on a frame relay line that will dump the entire traffic. Or you can just get to the data when it passes through copper / fibre somewhere. I guess the question is whether you trust the security of the physical access to the data path.
Alternatively, there may be non-Cisco routers in the cloud - can anyone speak for the other brands that are around in telcos / large ISPs? What if one of those gets compromised?
You ask what the security risk is if you don't use encryption...what is the downside if you do? With the hardware cards, even the baby Ciscos will ship A Goodly Amount of data with 56-bit DES. Is your pipe so big that the performance hit will cripple you?
Cheers,
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Joe Ippolito [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 20 September 1999 5:06 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Is Private Network & Internet on same FR Circuit Ok?
>
> Another scenario with a similar concern.
>
>          Internet
>             |
>             |
>          Router A-------PVC------Router B
>             |                       |
>             |                       |
> DMZ A----Firewall A            Firewall B-----DMZ B
>             |                       |
>             |                       |
>           Site A                  Site B
>
> The purpose of this configuration is to provide a third-world site (Site B) tier-one Internet connectivity (not available locally) through a large US site while providing intra-company connectivity between the two sites with the same WAN connection. An advantage is that site B would retain local access to its own self-administered DMZ. Both firewalls have routable external addresses along with the adjacent router interface and the Internet side of router A. The PVC between Routers A and B has only private addresses (e.g. 192.168.x.x). Both firewalls do IPSec VPNs with many other sites. Is it really necessary to do DES encryption for communication between sites A and B? What is the security risk if we do not? Is it possible to hack a Cisco router and sniff clear data packets?
>
> Thanks
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]