Firewall Wizards mailing list archives

RE: Frame relay security

From: "Brock, Todd A" <brockt () uf9307p01 BirminghamAL ncr com>
Date: Mon, 20 Apr 1998 10:32:04 -0400

+Uncloak+

I too would be REAL interested in any responses to this inquiry.  Because I
am VERY doubtful that there will be any but purely anecdotal response
supporting the assumption of insecurity or known hacks or eavesdropping etc.
on a Frame link.  IMHO  if you think Frame is insecure, then you might as
well assume that ALL public telecommunication is. (This includes "private"
leased lines).

BTW, I have no affiliation with any Telco or related blah, blah...

T. Brock

+Cloak+

        David Lyndon wrote:

        >I am working on a very big job where we are putting in firewalls in
        >three datacenters on three continents. Bigcorp currently has all
its
        >intersite traffic going over Frame relay world wide and does not
encrypt
        >it. We said, that is a very bad idea as your data has a very high
value
        >if it gets out ahead of the announcements. You should encrypt it,
better
        >than that you should put your site to site traffic through these
nice
        >firewalls that we are putting in for you and not only encrypt it
but use
        >the firewalls to control access between sites.
        >
        >They said, we asked our frame relay provider if they are secure and
they
        >said yes and we believe them. I said, they can say that but I dont
        >believe it for a minute.
        >
        >
        >So to cut a long and tedious conversation short I would very much
like
        >to hear from anyone stories of how frame relay connections have
been
        >tampered with so that the traffic can be listened to. Listening is
        >enough, the data does not have to be changed.
        >
        >EG. A long time ago I heard a story of how an ISDN connection
between
        >two sites was listened to by sending in a false maintenance note
that
        >meant that the engineer put the switch into maintence mode. Mr
        >evesdropper then was able to connect to the maintence interface of
the
        >switch and listen to everything going past.
        >
        >Any info would be good, specifics cases with names changed to
protect
        >the non so innocent would be better. Please feel free to send me
        >specifics under cover of the woefully inadaquate export grade SMIME
key.
        >For the truly paranoid you can find a mans strength key at
        >www.belsign.com
        >
        >www.belsign.com
        >
        >Thanks for your time.
        >
        >
        >Lyndon David
        >

Current thread:

Frame relay security Lyndon David (Apr 20)
- Re: Frame relay security Jeff Sedayao (Apr 20)
  - Re: Frame relay security Michael Shields (Apr 27)
- Re: Frame relay security cbrenton (Apr 20)
- <Possible follow-ups>
- RE: Frame relay security Brock, Todd A (Apr 20)
  - RE: Frame relay security Rick Smith (Apr 22)
    - RE: Frame relay security Henry Hertz Hobbit (Apr 22)
    - RE: Frame relay security Rick Smith (Apr 22)
    - RE: Frame relay security Vin McLellan (Apr 22)
- re: frame relay security -= ArkanoiD =- (Apr 26)