OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: Layer 2 ethernet encryption?

Re: Layer 2 ethernet encryption?

Sergey S. Kosyakov (ksChg.RU)
Wed, 08 Sep 1999 10:41:47 +0400 (MSD)

On 08-Sep-99 dmparacnet.com wrote:
> Garrett Wollman wrote:
>> <<On Tue, 07 Sep 1999 00:20:34 -0700, dmparacnet.com said:
>>> I have two problems. The first is that EM emissions on UTP allows
>>> one to monitor all traffic on that cable.
>>
>> Use fiber NICs.
>
> Short of winning a significant lottery, it would be economically
> impossible to move the network to fibre, there's too many nodes to
> upgrade.

Security was always expensive :-) More security, more expensies.

>>> The second is that a
>>> sniffer run on an authorized machine will be able to see the source
>>> and destination IP and port of all IP traffic on it's segment.
>>
>> Use a good switch and hard-wire the bridge table.
>
> The network currently can't be segmented any more than it is without
> breaking it's applications.

1. I don't undestand. What do you mean "breaking it's applications".
2. Do you thing about huge CPUs load on each host in the case of "too many
nodes"? In the case of layer2 encryption each host must decrypt each packet in
the segment, or at least each packet header. 

---
----------------------------------
Sergey Kosyakov
Laboratory of Distributed Computing
Department of High-Performance Computing and Applied Network Research
Landau Institute for Theoretical Physics
E-Mail: kschg.ru
Date: 08-Sep-99
Time: 10:36:35
----------------------------------

---

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

















This archive was generated by hypermail 2.0b3 
on Wed Sep 08 1999 - 01:45:12 CDT