> ... but when watching the protocol analyzer I see ...
IMHO these days Ethernet eavesdropping really isn't much of an issue (despite conventional wisdom:-). Much more dangerous are spyware/trojan keyloggers; server penetration is annother danger.
Eavesdropping on all network traffic from any connection used to be a big problem when network hubs repeated all traffic everywhere. Although Ethernet has changed hugely, the old paranoia remains. Any modern device is
a "switch" (not a "hub") and only directs traffic to the one port it's destined for, so nobody else can eavesdrop.
Of course even with "switches" you should take some reasonable precautions:
1) Ensure whatever you do to get your sniffer to work is inaccessible to users.
2) Keep all network infrastructure physically inaccessible, perhaps by locking the wiring closets.
3) Restrict (password protect and more) and monitor "remote" access to all network infrastructure devices.
4) Keep all servers (Squid, etc.) physically inaccessible.
5) Severely restrict (or disallow altogether) "remote" access to all servers (ex: only SSH and never as root and only with a public/private key).
6) Avoid using those cheap "mini-hubs" (often 5-port) unless you're sure your model really function as switches despite their name.
thanks! -Chuck Kollars
Received on Sun Nov 16 2008 - 18:48:18 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 18 2008 - 12:00:03 MST