Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!purdue!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.dcom.lans
Subject: Re: Ethernet security
Message-ID: <37270@bu-cs.BU.EDU>
Date: 29 Aug 89 17:26:04 GMT
References: <3956@phri.UUCP> <2424@aecom.yu.edu>
Reply-To: kwe@buit13.bu.edu (Kent England)
Followup-To: comp.dcom.lans
Organization: Boston U. Information Technology
Lines: 37

In article <2424@aecom.yu.edu> naftoli@aecom.yu.edu (Robert N. Berlinger) writes:
>
> But it's just as often the case that the Ethernet cable is handed
> on a silver platter to the potential snoop (run through his/her
> office). And the Ethernet may well have been tapped already and
> connected to the back of their system. In fact, that's the basis
> for Ethernet in the first place! Now all that is needed is some
> appropriate software to snoop, and it can be done from the
> convenience of their office, undetected, with no physical
> evidence to prove malintent.
>

I agree that the degree of security risk is related to the perceived as well as the actual difficulty in accomplishing the compromise.

This is another reason I like twisted pair Ethernet. I think it will be much harder to attach an unauthorized device to a TP Ethernet, and I am not sure that tapping the twisted pair itself will result in anything useful without modification of the tapping device's Ethernet attachment. While I would never tell a client that this is absolutely secure, I would point out the advantages over thin and thick cable promiscuously distributed.

My guess is that, in future, when Ethernet bridging/filtering chips are developed and are available as options in Ethernet concentrators, many users will opt for these as another form of security enhancement. Then the snooper will really have to gain access to the concentrator network management agent to gain access to datagrams that don't belong to him. Still not perfectly secure, but a long way better than the alternatives (i.e., networks with security built in from the ground up, so to speak, or complete host-based security).

Kent England, Boston University

[please no comments to the effect that less than complete security is no security.]
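An added illustration (not part of the post above) of the visibility difference between a shared coax segment and the per-port filtering concentrator the post anticipates: a small learning-bridge model, with hypothetical station names, showing that a third station on its own port stops receiving A-to-B frames once the bridge has learned where B is, but still receives them while the destination is unknown and the frame is flooded.

```python
from collections import defaultdict

# Constructed scenario: station A sends to B while a third station, SNOOP,
# listens promiscuously.  All names and port numbers are hypothetical.
A, B, SNOOP = "A", "B", "SNOOP"


class SharedSegment:
    """Thin/thick coax Ethernet: every attached station receives every frame."""

    def __init__(self, stations):
        self.stations = set(stations)

    def deliver(self, src, dst):
        # A promiscuous receiver ignores dst, so everyone but the sender sees it.
        return self.stations - {src}


class FilteringConcentrator:
    """Per-port learning bridge: forwards a frame only to the port on which
    the destination MAC was last seen as a source; floods when unknown."""

    def __init__(self):
        self.fdb = {}                   # mac -> port it was learned on
        self.ports = defaultdict(set)   # port -> stations attached there

    def attach(self, port, station):
        self.ports[port].add(station)

    def deliver(self, src, dst, in_port):
        self.fdb[src] = in_port         # learn the sender's location
        if dst in self.fdb:
            out_ports = {self.fdb[dst]}
        else:
            out_ports = set(self.ports) - {in_port}   # unknown dst: flood
        seen = set()
        for p in out_ports:
            seen |= self.ports[p]
        return seen - {src}


def who_sees_a_to_b():
    """Return which stations receive an A->B frame on each topology."""
    shared = SharedSegment([A, B, SNOOP])
    hub = FilteringConcentrator()
    for port, station in enumerate([A, B, SNOOP]):
        hub.attach(port, station)
    first = hub.deliver(A, B, in_port=0)    # B not yet learned: flooded
    hub.deliver(B, A, in_port=1)            # B replies; hub learns port 1
    second = hub.deliver(A, B, in_port=0)   # forwarded to B's port only
    return {"shared": shared.deliver(A, B),
            "bridge_before_learning": first,
            "bridge_after_learning": second}
```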