Thread: should I encrypt over a private network?
View Single Post
  #2 (permalink)  
Old 05-23-2008, 02:49 PM
Anne & Lynn Wheeler
Guest
  
Posts: n/a
Default Re: should I encrypt over a private network?

marlow.andrew@googlemail.com writes:
> Suppose a company has 2 sites, A and B, one is primary, the other is
> secondary for DR reasons. A and B are separated significantly
> geographically. Both A and B use a SAN for their data. A and B are
> connected by a private network. The SAN data is replicated between A
> and B over this private network using some replication product. My
> question is, "should I be worried about the fact that the SAN
> replication product does not do encryption?". When I raised these
> concerns the answer I was given was "its a private network so its not
> a problem". I am still not sure. Maybe I'm paranoid but I thought most
> security jobs were inside jobs and this is made easier if the data
> going over the wire is always in plaintext. But then again, data sent
> around the LAN using NFS is not encrypted either.

in the mid-80s, there were claims that the corporate internal network
had over half of all the link encryptors in the world (basically any
link leaving corporate premise had to be encrypted) ... this was
about the time that the size of arpanet/internet finally exceeded
the internal network (which had been larger from just about the
beginning until sometime mid-85) ... misc. posts mentioning internal
network:
http://www.garlic.com/~lynn/subnetwork.html#internalnet

in that period there was a story about a foreign consulate location, in
one of the major city, apparently was chosen because it had line-of-site
of a large microwave communication antenna array for major cross-country
communication. there were comments that a lot of foreign government
espionage was heavily intertwined with industrial espionage.

slightly earlier, in the early part of the 80s ... was looking at
deploying dial-up access into the corporate network for both (actually
major expansion for) home access (since i've had dial-up access at home
since mar70) and hotel/travel access. a detailed study found that hotel
pbx rooms were frequently especially vulnerable ... and as a result
encryption requirement was extended to all dial-up access ... which
required designing and building a custom encrypting dial-up modem for
these uses.

a lot of the internet hype seems to have distracted attention from both
other forms of external compromises as well as internal attackers.

Reply With Quote