Newsgroups: comp.protocols.tcp-ip
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Re: IP based authentication of hosts
Message-ID: <1989Apr17.213712.5631@utzoo.uucp>
Organization: U of Toronto Zoology
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <Apr.10.23.46.46.1989.12488@geneva.rutgers.edu> <29455@bu-cs.BU.EDU> <10526@bloom-beacon.MIT.EDU> <29475@bu-cs.BU.EDU> <709@scaup.cl.cam.ac.uk>
Date: Mon, 17 Apr 89 21:37:12 GMT

In article <709@scaup.cl.cam.ac.uk> scc@cl.cam.ac.uk (Stephen Crawley) writes:
>Kent England suggests that it is possible to prevent ether snooping
>in many cases, and that this can be used to give ``a modest level of
>security sufficient to fulfill [his] obligations to protect data and
>yet still allow [] applications to use network technology''
>
>Kent, how do you propose to stop J R User from unplugging his Sun and 
>plugging in a PC to run an etherspy?

If he's using Ethernet to connect Suns in offices and terminal rooms,
he can't.  If, on the other hand, it's simply the interconnect within a
central computing facility, then the situation is not so bad.  Yes, it
can always be done by someone with the right tools and knowledge -- but
in most places, such people are relatively rare.  The key question is,
what level of threat are you trying to defend against?  If all you want
is to stop casual nosiness by J R User, Kent's approach may be reasonable.

Even if JRU knows how to tap an Ethernet -- and if it's thick cable, the
chances are pretty good that he doesn't -- he is going to be reluctant
to walk into a facility where he is an unauthorized outsider and start
pulling up floor tiles and messing with cables underneath.  Likewise, he's
going to be reluctant to disconnect existing transceiver cables, for fear
that he'll disrupt ongoing activities badly enough for the Cable Police
to come charging in the door.

No, it's not going to stop a determined and knowledgeable intruder who
is willing to take some risks, but that's a different level of threat
and a rather less common one.  Switching to encryption-based schemes
will thwart him, but it is much more costly in several ways.  In a
relatively friendly environment, it may not be cost-effective.

>I put it to you that your ``modest degree of security'' is actually
>no security worth speaking of.

It depends on what level of threat we are speaking of, and on details
of the environment (e.g. where existing taps are).  Don't dismiss it
as "no security worth speaking of" just because it wouldn't stop the NSA.
-- 
Welcome to Mars!  Your         |     Henry Spencer at U of Toronto Zoology
passport and visa, comrade?    | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
