>>>>> "Thomas" == Thomas D Nadeau <tdn @
tdn .
xyplex .
com> writes:
Thomas> I agree that there is a legality issue here,
Thomas> but that only comes to play *after* you discover that your
Thomas> site has been infultrated, and all of your data stolen. As
Not really; If there is liability involved, then the liable party (the
Telco, in this case) will be strongly motivated to stop people from
stealing your data. If you do not trust the carrier to keep your
traffic secure, you encrypt. That simple.
Thomas> I have said before, the important point here is that Frame
Thomas> Relay, like IP, uses virtual or logical circuits across the
Thomas> same _physical_ medium. Whenever two different parties
Thomas> potentially share the same physical medium for the transport
Thomas> of data, there is always the possibility of one party
Thomas> looking at the others' data.
This is not really correct; frame relay is neither like an ethernet
bus, in which every host sees every packet, nor like a token ring, in
which several intermediate hosts see your packet. It is a switched
configuration, and as long as the switch is not broken into, your
traffic will go where it is expected to, not to the cracker.
If the switch is broken, all bets are off. Likewise, if there's a guy
on you pole or OCU with a datascope, all bets are off. Frame relay
security is really a lot more like DDS security than like ethernet
security.
This has gotten philosophical and rather far afield of firewalls. If
you wish to continue the discussion, send me personal mail, or better
still vote YES for comp.dcom.frame-relay.
-Rens
Follow-Ups:
References:
|
|
