In some sense, the prevention of sniffing by installing hardware barriers may be
considered the last line of defense in a security system. When building
medieval fortresses, the last line of defense was typically the most formidable
but could only protect those who would be left inside after the outer defenses
had been breached.
In dealing with sniffing, the first line of defense is simply not to transmit anything sensitive on the network in the first place.
The local hardware defenses may limit intrusion into the local systems.
However, if authorized users may access those systems from remote locations, one must not transmit sensitive information over remote parts of the Internet lest the information be sniffed somewhere along the way. One extreme that preserves security is simply not to permit access from remote locations.
Also, the most formidable defenses against inward-directed attack do nothing to provide for the security of one leaving the area being protected. Legitimate Internet sessions initiated inside a network with those outside must also be protected.
The most glaring security hole beyond simple loss of privacy is
the opportunity for a sniffer to gather passwords. The best way to deal with
this problem is simply not to transmit cleartext passwords across the network.
Simply transmitting an encrypted password that could be captured and replayed
by a sniffer is also not acceptable. Several different methods are in use to provide
this kind of protection:
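
One common way to meet both requirements is a challenge-response login: the server sends a fresh random value and the client returns a keyed hash of it, so the password never crosses the wire and a captured reply is useless for the next login. The sketch below is an added example, not code from the original page; the shared secret and all class and function names are constructed for illustration, and it contrasts a replayable static hash with a single-use response.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential known to both client and server (assumption).
SHARED_SECRET = b"correct horse battery staple"

def static_token(secret: bytes) -> bytes:
    """Weak scheme: the same hashed password is sent on every login."""
    return hashlib.sha256(secret).digest()

def static_verify(token: bytes) -> bool:
    return hmac.compare_digest(token, static_token(SHARED_SECRET))

def respond(secret: bytes, nonce: bytes) -> bytes:
    """Client side: keyed hash of the server's nonce; the secret is never sent."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class ChallengeServer:
    """Issues single-use nonces; a response is only valid for one nonce."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False                  # unknown or already consumed nonce
        self._pending.discard(nonce)      # single use, even if the check fails
        expected = respond(self._secret, nonce)
        return hmac.compare_digest(expected, response)

def demo():
    # Static hash: whatever a sniffer captured logs in again unchanged.
    static_replay = static_verify(static_token(SHARED_SECRET))
    server = ChallengeServer(SHARED_SECRET)
    n1 = server.challenge()
    r1 = respond(SHARED_SECRET, n1)       # this pair is what a sniffer would see
    first_login = server.verify(n1, r1)
    replay_same_nonce = server.verify(n1, r1)
    replay_new_nonce = server.verify(server.challenge(), r1)
    return static_replay, first_login, replay_same_nonce, replay_new_nonce

if __name__ == "__main__":
    print(demo())
```

The exchange protects only the login step; the rest of the session is still readable to a sniffer unless it is encrypted as well.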