Network Security Firewalls

Re: x.25 link running HDLC does not need firewall?

Date: Thu, 26 Aug 2004 23:45:40 -0700
Dave Killion wrote:

> <Disclaimer>
>
> I work for a firewall products company.  It makes sense for me to
> recommend firewalls.  It doesn't necessarily mean this is a bad idea.
>
> </Disclaimer>

My disclaimer is that I've been involved in implementing IPsec.

> Generally it's not practical to be overly concerned about the x.25 link
> itself - the phone company has fairly tight control over these things.

That depends on your data. A link between a bank and a stock exchange might carry some high value transactions. To me, it seems obvious you ought to encrypt it for your customers' privacy and you ought to use strong authentication mechanisms. Tapping an X.25 line is not hard. I am not sure if injecting bogus data is difficult. My guess is that you have a business requirement to render it impossible.

> It's the endpoints that need examining.  I would strongly suggest
> firewall-like controls at any ingress/egress points to your network.
> You have zero control over the security of the stock exchange servers,
> and therefore need to be protected from them.

I agree completely with that paragraph. I just suggest that you should talk to your opposite number at the stock exchange and see if you can encrypt the link as well.

