I know this is only hazily part of the focus of the list, but the comment
about intercepting SSH communications over an insecure wire interested me. I
guess we have a fair few posts that touch on deliver secure services through
firewalls, so maybe it's relevant.
Cryptography is not one of my strong areas, but I thought SSH was designed
to avoid hijacking and man-in-the-middle attacks? I don't know exactly how
it works, but something like pre-shared RSA keys or certificates could be
used to authenticate hosts in a manner that a hacker sitting on the wire
wouldn't be able to impersonate because the secret segment is never
transmitted...right? Even Diffie-Helman or something should be proof against
a middleman...
Is there a cryptographer in the house? 8)
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
Well, and this may go beyond the scope of this list, but ...
Securing
analog lines (or any line for that matter) is hard becuase the telco
in most places isnt secure.. It would be really easy for a person
to
access the junction box (anywhere between you and the Central Office
of the telco) cut the phone wire, add in a line simulator (so that
your side gets dialtone, line voltage etc), add a computer with a
couple modems, one going to you, via the line simulator, one going
to the telco, and effectivly sniff the traffic.. The software to
control this would be fairly easy, and could most likely be written
by anyone that took a first year programming class (even a HS
class)..
Anyway, the only real way to prevent something like this is to have
encryption on this link, and then you couldnt do something like the
way SSH works becuase the person could intercept the key exchange,
and exchange their key with you, and their key with the system you
were tryiung to connect to, thus giving them cleartext..
But this type of attack is rare, and typically only done by people
that you wouldnt detect anyway, or by people who are going after
very
specific information, and not just random stuff (which appears to be
a lot more common, the random stuff that is)..
Anyway, I am rambling again so ... :)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
