chip@vector.UUCP (Chip Rosenthal) (11/03/88)
The discussion now centers around telephone line security, where, in article <telecom-v08i0167m03@vector.UUCP> hobbit@topaz writes: >Some of the better tap detectors claim they can detect a tiny voltage drop >when a high-impedance device is bridged across the line. Of course if it's >already there, TFB. Professional tap detectors normally [...] > [...] Having a TDR helps too... Well, my 2 cents are that having a TDR is very useful iff you have the right type of TDR and know what you're looking for. Clearly, the results of a TDR sweep of a telephone line are useless except for historical review. That is, a TDR will show you the reflectometry at the moment; it does not point out "bugs." Therefore, you take a baseline (hopefully clean) sweep and compare it to later sweeps for changes. The TDR, with a skilled operator, might help locate on-premises tampering (and just about every single legitimate change to the wiring, too; if you use TDRs on-premesis, you MUST use STRICT wire configuration control). The TDR generally won't help you locate tampering off-premesis because of the distance involved (and because the wires are owned by the common carrier and you have no ownership or control of work performed on wires which you don't own). In short, the TDR is useful for many things--but I find it's really useful just for protected wireways. (In this sense, a protected wireway is simply a red circuit in some protected environment, and which, if tapped, would directly provide sensitive data of some degree or other.) Really, folks, if you're thinking of using/having a TDR, think more seriously about investing in good voice or data encrypting hardware like STU-III Type 1 or 2 (available in cellular telephone models by Motorola), or the various DES-based telephones, or (the list is seemingly endless). Remember that telephone lines are inherently insecure, and resign yourself to the fact that NOTHING CAN BE DONE to secure them short of active measures. My point may be arguable, but if you make this assumption at all times, then your risk of improper disclosure is very low. Question for the mailing list: To what degrees are companies setting policies about using or not using the telephone to discuss sensitive corporate matters? I know some companies require the use of encryption for voice or data when the passed information is at a certain sensitivity level or other, but I don't know to what degree this practice is instituted. Kurt F. Sauer Austin, TX