Newsgroups: comp.dcom.lans
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Security on ethernet, recent LAN mag article
Message-ID: <1988Mar29.174843.639@utzoo.uucp>
Keywords: ethernet,security
Organization: U of Toronto Zoology
References: <4805@ecsvax.UUCP>
Date: Tue, 29 Mar 88 17:48:43 GMT

> Does anyone have any ideas of how to deal with this? Is encryption
> the only answer, ($$$)? ...

Encryption is not necessary if your Ethernet meets ALL the following
conditions:

1. Unauthorized connections are not an issue, either because you take
   precautions against them (a lot of work) or because you're not
   worried about them. Unauthorized tapping of fiber or thick Ethernet
   is not a trivial operation, i.e. casual snoopers are unlikely to
   bother. Thin Ethernet with a connector just sitting there waiting
   to be plugged in to is another matter.

2. All authorized connections go to machines whose physical security
   is not an issue, again either because you take precautions or
   because you're not worried. The ability to reboot a machine often
   constitutes complete control over its software.

3. All authorized connections go to machines which either (a) cannot
   be used by untrusted users, or (b) are controlled by software that
   enforces appropriate restrictions on network access by users. Unix
   can do okay in this area if you pay attention to it. MSDOS is
   inherently incapable of enforcing security.

If your network does not meet all three of these conditions, it cannot
be secure without carefully-designed encryption. "Carefully-designed"
means, in particular, that the procedures for setting up an encrypted
connection must be planned with problems like "active wiretapping"
[bad guys injecting false messages to try to capture the connection]
in mind.
--
"Noalias must go.  This is    | Henry Spencer @ U of Toronto Zoology
non-negotiable."  --DMR       | {allegra,ihnp4,decvax,utai}!utzoo!henry