Re: Connecting satellite locations via the Internet -- MIDRANGE-L

Lurton,

I'm not picking on you, I happen to agree, but your post just happened
to be the last on the thread for me to hit the "reply" button on..... so
here goes.

RANT(*ON) WARNING(*GIVEN) 

Booth has repeatedly made the very lucid point; "So someone taps your
sales literature."  It's up for public display anyway!

The internet is an information transport vehicle.  So are fax machines,
so are dedicated leased lines, so are cell phones, so are smoke signals
and bongo drums. ;-)

Why is the world so paranoid over internet packet sniffing and not voice
line tapping?  IMHO, more damaging information is passed over a voice
line then any other transport mechanism, but we don't 128 bit encrypt
voice traffic as a standard business practice.

Oh, I almost forgot, you're a publicly traded company and someone taps
into a transmit of a balance sheet that you are required by law to
publicly disclose anyway. Whaa, or your competition finds out that Betty
in shipping was absent today.  The world as we know it has come to an
end!

In all actuality the biggest threat, IMHO, is DOS (Denial Of Service)
attacks where someone uses your machine to flood a bulk emailing, hiding
their point of origin and sucking up all of your bandwidth.

OK, someone finds out that you were stupid enough to use port 23 for
telnet, sort of like leaving the standard QSECOFR profile and password
active, but you're clever and disabled QSECOFR and by pure dumb luck
they manage to work out a 10 character user id and 10 character password
(20 to the 36th power (37th if you include blank)) within three
attempts.  And by really big dumb luck they actually get the ownership
profile!

Sure, it is within the world of possibilities.  It's also possible for
me to win tomorrow's Lotto.  The question is: Is it within the world of
probable.  If you've read the stats, I have a better chance of getting
hit by lightning (twice!) then winning the Lotto.

So when you read the "exposure" from a security audit, the first
question should be: "So? And you're point would be?"  Let's see if I've
got this right ... I drive to work, I have therefore "exposed" myself to
a 1/10,000,000 (blind number pulled out of thin air ... for point of
discussion/example only) chance in having a fatal accident on the way. 
And as a result of this "exposure" I am advised (or right out told "do
it or fail the audit") to have armored transport to "guarantee" my
security.  Oh, sorry, there is NO guarantee, but I could change the odds
to 1/10,010,000 by doubling/tripling the cost of transport.  Makes good
business sense to me! 

RANT(*DONE) WARNING(*SAME)

One size does not fit all, and in this day and age we have a whole bunch
of choices.  Whatever cost one is willing to endure to provide a
peaceful night's sleep IMO is the "right" solution.

Personally I would not recommend public transport
(internet/phone/postal) of critical information any more than I would
permit spooling of checks.  The question then becomes the cost of
security vs the exposure to damage.  The key word being "damage".  And
as Booth said: "So they tapped your sales literature."  Heck, they might
even be impressed enough to buy it!

IMO, the appropriate security applies to the data being transported. 
I'm willing to bet that the majority can be transported via the same
security used for voice communications.  The rest scales up from there
to "face to face, kill all living witness'".

James W. Kilgore
email@James-W-Kilgore.com


Lurton Keel wrote:
> 
> I guess I am not too trusting of cyberpunks or anyone else to not bother my
> systems.
> 
> I am also fearful of the repercussions if someone does bother my systems,
> however remote.
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---