Our motto here is" encrypt it all, and let the endpoints sort it out ".
Remote access does not happen in a vacume. Unles you TOTALLY trust each
and ever accesspoint <ISP?> then encrypt, lessen the chances of eaves
dropping and MITM attacks, let them listen to garbage.
Thanks,
Ron DuFresne
On Fri, 20 Apr 2001, Mogren, Jack L. wrote:
> This may be a bit off-topic from firewalls, but I'd like to hear other
> people's opinion. We (information security) are having a minor holy war
> with our internal audit folks concerning the requirement for employees using
> remote access to also use encryption. We understand that there are cases
> where encryption may be required. But we feel it's a matter of performing
> an analysis of the risk. Wiretapping of public telephone services by
> someone intent on reading your email is a possibility, but a mile-wide
> asteroid might hit the planet today too. Of greater importance for the
> occasional remote access user is the use of strong authentication of both
> parties and specific access authorization. Now it may be a different matter
> for the telecommuter, say a transcriptionst. Their exposure is greater
> because they're connected longer and the data may be more sensitive. In
> this case, maybe encryption is warranted.
> I've done a bit of searching for instances of wiretapping on the Web and
> have come up empty-handed. I've seen a lot of news stories concerning
> wiretapping laws, mis-use by law enforcement or government entities, and
> Lynda Tripp taping Monica. But I have not found an instance of someone
> tapping into an established modem-connected session, then expoiting this
> connection to steal data in transmission. I also see a lot of talk from
> "consultants" and vendors about what a widespread issue this is. Has anyone
> out there had first-hand experience with an incident?
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
