Absolutely: I still think it's better to have encryption than to not. I
seem to remember (maybe it was the FWWIZ list) a discussion about the
need to log whether or not certain files were being scp'ed out of a
network. That's what I was thinking about.
More than anything, I was just pondering the "what-ifs". You can have
users who are trusted for remote access, but not restricted in what
they can do within that remote access. Those restrictions could be
enforced at the end-point, but once the encryption's in place, it's
difficult to tell whether the user has somehow sidestepped those
restrictions through observing the traffic (which is the point of
encryption, but as I said, I was simply pondering the trade-offs).
Henry
> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 11:33 AM
> To: Henry Sieff
> Cc: 'Jose Nazario'; Mogren, Jack L.; '[EMAIL PROTECTED]'
> Subject: RE: Remote Access and the need for Encryption
>
>
>
> Henry, though, one can get an idea of what those users are doing at the
> inside endpoint, if required one can monitor what commands
> and processes
> are unleashed upon the inside endpoint. Now, if the users are not
> trustworthy, then what are they doing with the ability to do
> remote access
> in the first place?
>
> Thanks,
>
> Ron DuFresne
>
>
> On Fri, 20 Apr 2001, Henry Sieff wrote:
>
> > Of course, on the flip side of the equation:
> >
> > Once you encrypt, you can no longer tell what YOUR users are doing
> > within that encrypted channel. Something to think about. . .
> >
> > Henry
> >
> > > -----Original Message-----
> > > From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, April 20, 2001 10:28 AM
> > > To: Mogren, Jack L.
> > > Cc: '[EMAIL PROTECTED]'
> > > Subject: Re: Remote Access and the need for Encryption
> > >
> > >
> > > actually, yes.
> > >
> > > several ISPs have had their systems compromised and the data
> > > that travels
> > > their networks sniffed. this includes login and password
> > > combinations, and
> > > > also sensitive documents. while it's rare that the kiddies
> > > know what to do
> > > with these documents, are you willing to risk that?
> > >
> > > given the ease with which it can be set up, an encrypted
> > > tunnel between
> > > remote users and the home office makes sense. you don't know
> > > the networks
> > > > you are traversing, you don't know their security, but you do know the
> > > > security needs of the information you are sending over the
> > > > wire, which is
> > > > to say it's sensitive data.
> > >
> > > > while you may not feel someone is targeting you (ie FBI, NSA, the
> > > > Mossad, organized crime or what have you), you can bet your
> > > > bottom dollar
> > > > that it's possible that someone is listening on those
> > > > untrusted networks.
> > > why leave the information up for grabs?
> > >
> > > ____________________________
> > > jose nazario
> > > [EMAIL PROTECTED]
> > > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD
> > > 48 A0 07 80
> > > PGP key ID 0xFD37F4E5
> > > (pgp.mit.edu)
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>