derrick@cs.athabascau.ca (Derrick Rowlandson) (06/27/91)
I have a question about security hazards on a network's (TCP/IP) SLIP connections.

I understand that machines on the ethernet bus can place themselves in a promiscuous mode, and watch packets go by, including usernames and passwords. SLIP connections on the other hand are not on the bus, and I would expect that they will not see any data other than that which is intended for them, thereby not making them such a security risk. Is this valid reasoning?

Otherwise, what other security risks are there when dealing with SLIP users? The SLIP 'server' we are using is a data switch (Gandalf Starmaster), which will allow PC's to network after they enter a unique service name, followed by a unique password. (when I say unique, I mean that each SLIP user has a unique service and password)

Thanks for any and all comments, and information.

Derrick

andyc@gapos.bt.co.uk (Andy Constantine) (06/28/91)
In <1803@aupair.cs.athabascau.ca> derrick@cs.athabascau.ca (Derrick Rowlandson) writes:

>I have a question about security hazards on a network's (TCP/IP) SLIP
>connections.
>I understand that machines on the ethernet bus can place themselves in a
>promiscuous mode, and watch packets go by, including usernames and passwords.
>SLIP connections on the other hand are not on the bus, and I would expect
>that they will not see any data other than that which is intended for them,
>thereby not making them such a security risk. Is this valid reasoning?
>Otherwise, what other security risks are there when dealing with
>SLIP users? The SLIP 'server' we are using is a data switch (Gandalf
>Starmaster), which will allow PC's to network after they enter a
>unique service name, followed by a unique password.(when I say unique, I mean
>that each SLIP user has a unique service and password)
>Thanks for any and all comments, and information.
>Derrick

I have limited experience with SLIP but here goes:-

There are many products now available giving the end user SLIP connectivity, the issues for security are important as it is very easy to tap into an RS232 (or similar) data line and watch the data roll by.

I see two issues for the initial system beyond that you have to consider the encryption of the complete serial link.

1) The SLIP link should only have traffic destined for end machine routed to it (obviously important for performance), this is configurable on some systems. This would cut down the snooping to the traffic destined for the end machine only.

2) The system that I have experience of, allowed for the encryption of passwords over the serial link which helps to stop the hackers.

The system had several other security features which may be worth investigating. I am sure the suppliers of this product would be happy to help, they helped me...

product - annex III
supplier Xylogics
53 Third Avenue
Burlington, MA 01803

sorry no telephone No for US.

Andyc

space reserved for sig bit
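
An added example, not part of either post and not code from any product named in the thread: SLIP framing as defined in RFC 1055 is byte stuffing only, so the serial line carries each IP datagram unencrypted, and the only exposure control at the router is the destination filter from point 1 of the reply. The function names, the `PEER` address and the sample datagrams are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1055 framing bytes
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD
PEER = "192.0.2.10"  # constructed address of the SLIP host

def slip_encode(datagram: bytes) -> bytes:
    """Frame one IP datagram for the serial line (byte stuffing, no encryption)."""
    out = bytearray([END])  # a leading END flushes any line noise
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)

def slip_decode(stream: bytes) -> list:
    """Recover datagrams from raw line bytes; empty frames are skipped and
    an unknown byte after ESC is kept as-is, as RFC 1055 suggests."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            cur.append({ESC_END: END, ESC_ESC: ESC}.get(b, b))
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if cur:
                frames.append(bytes(cur))
            cur = bytearray()
        else:
            cur.append(b)
    return frames

def ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed minimal IPv4 datagram (checksum left at 0, sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def for_slip_peer(datagram: bytes, peer: str) -> bool:
    """Point 1: only datagrams addressed to the SLIP host go onto its line."""
    return len(datagram) >= 20 and datagram[16:20] == ipaddress.IPv4Address(peer).packed

def line_bytes(datagrams, peer: str) -> bytes:
    return b"".join(slip_encode(d) for d in datagrams if for_slip_peer(d, peer))
```

The filter limits what reaches the line to the SLIP host's own traffic, but everything that does reach it is readable as sent, which is why the reply also raises encrypting the serial link.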