Educause Security Discussion mailing list archives
Re: Risks of File Transfer on a Fully Switched Network
From: Bradley Ellis <Bradley.Ellis () ITS MONASH EDU AU>
Date: Thu, 1 Dec 2005 14:21:04 +1100
Hi All, It seems that we have agreement that switches are fallable. I'd suggest that consideration is given to the data itself to determine if encryption is required. Some data types have requirements imposed on them that require additional controls. Other types do not require this level of protection and the resources required to provide it. One thing to bear in mind is that encryption will slow the data flow - we found on a P3-1Ghz machine that with SSL data throughput dropped from around 10Mbytes/sec (clear text) to around 500Kbytes/sec. While this is not a current system, it does give an idea of the load, and even faster cpu's will only see a linear scaling of the traffic rate - P4-3Ghz might see 1.5Mbytes/sec of encrypted traffic. While SSL and IPSec are different, they both use crypto ciphers, and from memory the SSL in question would have been 3DES and not AES. Hopefully this helps, Regards, Brad. -- Bradley Ellis Senior IT Security Officer, Infrastructure Services Information Technology Services, Monash University - Clayton Phone: 9905 1383
-----Original Message----- From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] Sent: Wednesday, 30 November 2005 6:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Risks of File Transfer on a Fully Switched Network I am being told that the risk of transferring sensitive files over our InTRAnet is so low that we should not require encryption for these internal file transfers. Transferring over the Internet in the clear is clearly a problem, but are others willing to share your position on the transmission of sensitive data in the clear internally (assuming a fully switched network)?? Thanks... Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu Office: 401-863-7266 PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Current thread:
- Re: Risks of File Transfer on a Fully Switched Network, (continued)
- Re: Risks of File Transfer on a Fully Switched Network Richard Gadsden (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network David Gillett (Nov 29)
- Re: Risks of File Transfer on a Fully Switched Network Chad McDonald (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network wcon (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network jack suess (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Dunker, Mary (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Flynn (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Huba Leidenfrost (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Bradley Ellis (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Cal Frye (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Scholz, Greg (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Robert Kerr (Dec 02)
- Re: Risks of File Transfer on a Fully Switched Network Alan Amesbury (Dec 06)