From: Stephen J. Wilcox [mailto:steve@opaltelecom.co.uk]
Sent: Tuesday, July 31, 2001 6:52 AM
so that's my main logic, authentication... I can't understand the big paranoia on people sniffing though!
If ANY part of the link, between the NetAdm and the CORE system, even accidentally, transits ANY part of an untrusted network, then that link is sniffable. Now, if you are accessing said equipment, via in-band means, this is virtually guaranteed to be the case (with a small number of anomalous exceptions). Even out-band networks are vulnerable if someone accidentally leaves one host, in router-mode, and one of the NICs is on the Admin LAN. With dynamic routing, this is even less deterministic.

Given a Firewall, one contractor/sales-person, with a laptop and an 802.11b (or even Ricochet) connection to the outside world, on your inner-LAN; your Firewall becomes a potential Maginot Line ... useless. [side-bar: A Compaq Ipaq can do this, running Linux. As PDAs get more powerful, they also become potential stealth cracker tools] Ergo, all networks are potentially sniffable. Many of them leak like sieves.

You also imply another fallacy, that of only encrypting sensitive traffic. Given the above and in a stack full of needles, when you know that only the encrypted ones are interesting, you will only sniff the encrypted ones (this is the essential fallacy of SSL, it's even conveniently segregated by port number). This measurably cuts down the search time. Now, if all needles were equally encrypted, you add steganographic effects, to the LAN, and it becomes orders of magnitude more difficult to crack.

I submit that all packets, on all networks, even SANs, should be strongly encrypted, at all times. I further submit that all hosts, even those behind a Firewall, should be hardened against attack. Never assume that you are safe.