OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: RE: Frame relay security

RE: Frame relay security

Rick Smith (rick_smithsecurecomputing.com)
Tue, 21 Apr 1998 15:28:15 -0500

At 10:32 AM -0400 4/20/98, Brock, Todd A wrote about frame relay:

>I too would be REAL interested in any responses to this inquiry. Because I
>am VERY doubtful that there will be any but purely anecdotal response
>supporting the assumption of insecurity or known hacks or eavesdropping etc.
>on a Frame link. IMHO if you think Frame is insecure, then you might as
>well assume that ALL public telecommunication is. (This includes "private"
>leased lines).

I think this hits the nail squarely on the head. If the data owner believes
that attackers have the means and motive to intercept their traffic as it
traverses public telecom networks, then additional security is warranted.
If the data owner doesn't believe the attackers' benefits will outweigh
their costs, then encryption is unnecessary.

In certain industries you do have national level eavesdropping
organizations (NSA or NSA like) spending lots of money listening to
commercial traffic for a variety of reasons (trade secrets in critical
technologies, info to support trade negotiations, strategic assessments,
etc). But if the data owner doesn't think it's a risk, then the data owner
isn't going to spend the money. Often the information is accessible through
several easier channels anyway.

However, it's important to keep in mind that lots of systems still rely
heavily on reusable "secret" passwords for authentication. This may give
attackers a really juicy target and might make costly attacks seem
worthwhile.

Rick.
smithsecurecomputing.com

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:47 CDT