Educause Security Discussion mailing list archives

Re: Risks of File Transfer on a Fully Switched Network

From: Bradley Ellis <Bradley.Ellis () ITS MONASH EDU AU>
Date: Thu, 1 Dec 2005 14:21:04 +1100

Hi All,

It seems that we have agreement that switches are fallable.

I'd suggest that consideration is given to the data itself
to determine if encryption is required.

Some data types have requirements imposed on them that require
additional controls. Other types do not require this level of
protection and the resources required to provide it.

One thing to bear in mind is that encryption will slow the data
flow - we found on a P3-1Ghz machine that with SSL data
throughput dropped from around 10Mbytes/sec (clear text) to around
500Kbytes/sec.

While this is not a current system, it does give an idea of the load,
and even faster cpu's will only see a linear scaling of the traffic
rate - P4-3Ghz might see 1.5Mbytes/sec of encrypted traffic.

While SSL and IPSec are different, they both use crypto ciphers, and
from memory the SSL in question would have been 3DES and not AES.

Hopefully this helps,

Regards,
Brad.
--
Bradley Ellis
Senior IT Security Officer, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone:  9905 1383

-----Original Message-----
From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU]
Sent: Wednesday, 30 November 2005 6:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Risks of File Transfer on a Fully Switched Network

I am being told that the risk of transferring sensitive files
over our InTRAnet is so low that we should not require
encryption for these internal file transfers. Transferring
over the Internet in the clear is clearly a problem, but are
others willing to share your position on the transmission of
sensitive data in the clear internally (assuming a fully
switched network)??

Thanks...

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC Director, IT
Security, Brown University Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB>
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB>
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB

Current thread:

Re: Risks of File Transfer on a Fully Switched Network, (continued)
- Re: Risks of File Transfer on a Fully Switched Network Richard Gadsden (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network David Gillett (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Chad McDonald (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network wcon (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network jack suess (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Dunker, Mary (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Flynn (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Huba Leidenfrost (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Bradley Ellis (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Cal Frye (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Scholz, Greg (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Robert Kerr (Dec 02)
- Re: Risks of File Transfer on a Fully Switched Network Alan Amesbury (Dec 06)