[ILUG] [ot] secure sites

Gavin McCullagh gavin at fiachra.ucd.ie
Thu Nov 1 14:14:47 GMT 2001


On Thu, 01 Nov 2001, Fergal Daly wrote:

> On Thu, Nov 01, 2001 at 01:14:19PM +0000, Gavin McCullagh wrote:
> > Well if the subnet you sit on is not switched, the others on the subnet
> > could do it either.  That's important in some places (eg a college,
> > internet cafe, library).  Lots of very dodgy people playing with stuff on
> > the UCD network.  Not to mention the number of undiscovered hacked
> > machines which outsiders have effective control over.
> 
> Absolutely but then again I think not being switched would be far worse at the
> server end than the client end. The difference being that the percentage of
> sensitive info travelling to the server (from all over the world) is
> relatively high and when you write your traffic analyser, you know what urls
> and what fields you're looking for.

Well in fairness if we're talking about an SSL server that's taking credit
card orders, I'd assume it'd be switched as much for bandwidth to its
database server as anything else.

If you're talking about someone who can get onto the subnet of the web
server and have permissions to go into promiscuous mode then I'd say he's
either:

* A dodgy dishonest sysadmin or
* they have a net/sysadmin who is crap and hasn't stopped anyone else from
doing this

In either case, I wouldn't be happy sending my credit card info to be
stored on their machines by ssl or otherwise.  Chances are the guy has
access to the db too.

> Whereas on a college network, there's mountains of crap floating around

tell me about it!

Gavin




