On Wed, 9 Oct 1996, Rabid Wombat wrote:
> On Tue, 8 Oct 1996, R wrote:
> > All this does is slow the intruder down! Even with a switch or a "secure
> > hub", you still have to worry about point-to-point sniffing. An intruder
> > who gets into Box A can sniff any connections made from or to it. Once
> > someone telnets from A to B, now the intruder has access to Box B, gets
> > root on it, and now he/she has two sniffers running. From there, it
> > snowballs. True, it's slower than sniffing a shared physical medium, but
> > you're still going down.
> I doubt I'll be going down. No single piece of technology is going to
> secure the network; security requires a number of well integrated
> components, systems, policies, and the occasional voodoo sacrifice of a
> rubber chicken.
> The idea is to harden the target as much as possible, increasing the
> level of effort required by the intruder, increasing the time it takes the
> intruder to get what they are after, increasing the chances that the
> intruder will make a mistake, and giving your monitoring systems a
> fighting chance at catching them.
> Putting a really big lock on the front door won't keep someone from
> crawling in through the back window. Locking all the doors and windows,
> and putting in an alarm system and a b.f.d. won't keep out someone with a
> blowtorch and an UZI, but you'll sure as hell know they're there.
> I still think a secure hub is a good, cheap investment for a bastion
> segment, and not a bad addition to your internal network, either. Many of
> the major hub vendors offer this feature - you just need to turn it on.

Yes, multiple layers of security are key. But as for the secure hub per
se, it is only adding a little bit to the whole defense.
Unfortunately, the analogy to a house break-in is tenuous... If I use
blowtorches etc. I make a lot of noise and leave a lot of damage. If I
use sniffer software correctly, I will be very stealthy.
I don't mean to come across as antagonistic -- I do agree with your
conclusion that "a secure hub is a good, cheap investment for a bastion
host." I am just leery of people overestimating what it buys them.