Date: Wed, 08 Sep 1999 10:41:47 +0400 (MSD)
From: "Sergey S. Kosyakov" <ks@Chg.RU>
To: dmp@aracnet.com
Cc: freebsd-security@FreeBSD.ORG, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Subject: Re: Layer 2 ethernet encryption?
Message-ID: <XFMail.990908104147.ks@chg.ru>
In-Reply-To: <37D60350.6E85A7A1@aracnet.com>

On 08-Sep-99 dmp@aracnet.com wrote:
> Garrett Wollman wrote:
>> <<On Tue, 07 Sep 1999 00:20:34 -0700, dmp@aracnet.com said:
>>> I have two problems. The first is that EM emissions on UTP allow
>>> one to monitor all traffic on that cable.
>>
>> Use fiber NICs.
>
> Short of winning a significant lottery, it would be economically
> impossible to move the network to fibre, there's too many nodes to
> upgrade.

Security was always expensive :-) More security, more expenses.

>>> The second is that a
>>> sniffer run on an authorized machine will be able to see the source
>>> and destination IP and port of all IP traffic on its segment.
>>
>> Use a good switch and hard-wire the bridge table.
>
> The network currently can't be segmented any more than it is without
> breaking its applications.

1. I don't understand. What do you mean by "breaking its applications"?
2. Do you think about the huge CPU load on each host in the case of "too many nodes"?
In the case of layer2 encryption each host must decrypt each packet in the
segment, or at least each packet header.

---
----------------------------------
Sergey Kosyakov
Laboratory of Distributed Computing
Department of High-Performance Computing and Applied Network Research
Landau Institute for Theoretical Physics
E-Mail: ks@chg.ru
Date: 08-Sep-99
Time: 10:36:35
----------------------------------
---

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message