Re: cost of frame relay snooping
C Matthew Curtin (cmcurtin research.megasoft.com)
Sat, 1 Nov 1997 16:36:38 -0500 (EST)
>>>>> "Jyri" == Jyri Kaljundi <jk stallion.ee> writes:
Jyri> Do any of you think about this when you decide if a frame relay
Jyri> connection should buy VPN encryption software or not?

The issues regarding frame relay security are different from those of
using the Internet as the conduit for VPNs. When someone offers frame
relay service as a "more secure" alternative, he might very well be
right, for a certain classification of attacker.

When deciding whether (and/or how) to encrypt that frame relay
connection end-to-end, it's useful to return back to the basic
principles of security. What's your policy? What's your threat
model? What's the danger of someone sniffing the traffic? How much
damage could a sniffer cause? How much does it cost to encrypt the
line?

Of course, asking questions like this is always a good idea,
regardless of what you're planning to do to your network.

Now, the difficulty that an attacker will have in snooping your VPN
link will vary, based on a number of factors. Typically, frame relay
connections are provided to a site, router and all, from the service
provider. The router is managed by the provider. One typically can't
just hang any device on the network and start listening in.

When getting into specifics, the ease with which someone can snoop
will vary depending on how the provider manages their network, what
the topology of the network is, etc.

My advice would be to have a discussion with an engineer from the
provider who can answer topology questions and talk about security
issues with you. Don't let 'em snow you with answers like "we take
precautions"--find out what they do, and how it makes life difficult
for an attacker.

--
Matt Curtin  Chief Scientist  Megasoft Online  cmcurtinresearch.megasoft.com
http://www.research.megasoft.com/people/cmcurtin/  I speak only for myself
Keywords: Crypto Security Privacy Unix Internet Perl Java Death-to-spam
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:47 CDT