Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!agate!ucbvax!van-bc!ubc-cs!alberta!arcsun.arc.ab.ca!arcsun!kenw
From: kenw@skyler.arc.ab.ca (Ken Wallewein)
Newsgroups: comp.protocols.appletalk
Subject: Re: Watch, peeking, and security threats
Message-ID:
Date: 21 May 91 17:51:53 GMT
Article-I.D.: skyler.KENW.91May21105153
References: <9105160430.AA04272@eclectic.com> <1991May16.142436.15468@news.larc.nasa.gov> <1991May20.173119.4279@visix.com>
Sender: nobody@arc.ab.ca (Absolutely Nobody)
Organization: Alberta Research Council, Calgary Alberta, Canada
Lines: 45
In-Reply-To: amanda@visix.com's message of 20 May 91 17:31:19 GMT

In article <1991May20.173119.4279@visix.com> amanda@visix.com (Amanda Walker) writes:

   ...
   One approach is to use security systems (such as Kerberos) which do
   not depend on the physical security of the machines or the network.
   If this is infeasible, the best you can probably do is punish people
   you can
   catch, and live with the reality that anyone who wants to badly enough will
                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   compromise your security.
   ^^^^^^^^^^^^^^^^^^^^^^^^
   --
   Amanda Walker                                  amanda@visix.com
   Visix Software Inc.                      ...!uunet!visix!amanda
   --
   UNIX: The only operating system that can be destroyed by mail.

Aw, come on. Let's get realistic. There's a big difference between
professional spooks and idle curiosity. How serious you get depends on
your situation. There ain't no such thing as 100% secure.

As long as messages cross a network in cleartext, and that network is
accessible by computers which do not support security in hardware and
software, it's going to be pretty hard to prevent snooping.

Now, a constructive idea: how about network interface hardware
manufacturers designing the circuit boards so that promiscuous mode is
not implemented on some boards, or could require hardware changes to
activate, or a password, or something like that?

Someone earlier posted an idea along the line that packet sniffers
should first broadcast a message saying "I'm gonna start sniffin' now!".
That would be a nice, easy thing to help suppress casual sniffing by the
wrong people. Sure, it wouldn't stop anybody who was serious and/or
knowledgeable, but it would be polite, and would solve 95% of the
problem. And make no mistake -- this IS a game of percentages.

--
/kenw

Ken Wallewein                                            A L B E R T A
kenw@noah.arc.ab.ca <-- replies (if mailed) here, please R E S E A R C H
(403)297-2660                                            C O U N C I L