North American Network Operators Group

Re: sniffer/promisc detector

  • From: Valdis.Kletnieks
  • Date: Sat Jan 17 15:16:39 2004

On Sat, 17 Jan 2004 11:30:13 PST, Donovan Hill said:
> Maybe this is just a stupid comment, but if the original poster is that
> concerned with their LAN being sniffed, then maybe they should consider using
> IPSec on their LAN.

Amen to that.  It's actually easier to sleep at night if you start off with the
assumption that every single packet is received by both the intended recipient
and the entity you *least* want getting said packet, and then design your
communications accordingly.

Similarly for spoofed and MITM attacks - assume they WILL happen, and plan
accordingly.

Proper use of IPSec/OpenSSH/OpenSSL, with key/cert checking as appropriate,
goes a LONG way to raising the bar WAY up on the attacker.

Just don't forget about endpoint security - waay too many sites deploy OpenSSL
so credit card info can't be sniffed, and then leave the suckers in plaintext on the
web server. :)
