> -----Original Message-----
> From: Ben Nagy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 05, 2000 6:24 PM
> >
> > For those currently letting others maintain various aspects of
> > their network, perimeter, inner-soft-chewy-center, etc; Would
> > you be concerned to find the company doing the maintenance work
> > for you mostly via open text channels via the internet?
>
> Sniffers and IP spoofing are possibly less of a threat than you
> might think. If you're administering a system elsewhere on the
> Internet, an IP spoofing attack is actually quite difficult.
> Sniffing is sometimes easier, but only an option to people that
> have a level of physical access to the wire, in most cases. [...]

I assume Ron is concerned about someone administering a box in your
network across the Internet using clear-text. In that case I would
say, yes, sniffing is a problem. An attacker does not need physical
access to your wire, but instead can hack one of your boxes and sniff
control traffic. Depending on how someone admins the box (in regards
to time between detection and action), an attacker may have enough
time to hack one of your boxes, sniff the traffic and then either a)
gain passwords to log in to other boxes to turn the IDS off (or modify
it to conceal his actions), b) learn information on how the box is
managed and use that information to plan his real attack, or c)
create false positives to blind the remote admin.

I believe any remote administration (even if it is just receiving log
data, i.e. Syslog) should be encrypted.

In regards to IP spoofing, I agree with you.

Regards,
Frank