Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 08 Sep 1999 10:00:24 -0500
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        dmp@aracnet.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Layer 2 ethernet encryption?
Message-ID:  <3.0.3.32.19990908100024.01d18800@207.227.119.2>
In-Reply-To: <37D61900.E0E8144C@aracnet.com>
References:  <Pine.BSF.4.10.9909070955040.23589-100000@bsdie.rwsystems.net>

next in thread | previous in thread | raw e-mail | index | archive | help
At 01:06 AM 9/8/99 -0700, dmp@aracnet.com wrote:
>James Wyatt wrote:
>> 
>> There are nice 10bT to fiber (fibre in the UK) converters in the BlackBox
>> catalog (catalogue). You chould put these oh-so-close to the router or
>> switch in the equipment space - maybe even braid the 10bT cables to
>> confuse any listeners there. Then 10bF cards in the machines ensure no EMI
>> emitted in the unsecure area. - Jy@
>
>You'll still have EM leakage at the converter and insecure traffic.
>Plus, you can tap a fibre line almost as easily as you can tap a UTP
>line.

Grounded shield at the converter would solve the EM, but would make moving
connections a real pain.

As for the tapping, it would require a break in the line and that can be
monitored for, but again the expenses go up.  Still if the conduits are in
the building, do not use exterior walls, and access is limited...

Gotta face the fact that one way or the other there is no cheap, easy
solution.

One has to wonder why security is so paramount (barring you admitted
paranoia).  Or does that require a clearance. 8-)

As for anothers mention of TEMPEST, you should check out:

http://www.eskimo.com/~joelm/tempest.html

This should add a bit to my first suggestion on EM.


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve
'86 Yamaha MaxiumX (not FBSD powered)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.19990908100024.01d18800>