Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security of public network?



Scott,

IMHO, if it needs to be secure, don't transmit it over a network.
If you must transmit it, encrypt it.

To encrypt, you can encrypt your transmission media, AND encrypt your
message.
Like, encrypt your email, and only transfer the file that contains the email
over an
encrypted tunnel.

Still, if it goes into the hands of another vendor (think TimeWarner,
Comcast, ATT, etc)
ASSUME it is not encrypted and available for others to read out of the
'ethers' of the
internet.

There are 'secured networks' available for a price.  I have used S.W.I.F.T.
( swift.com )
when working for a bank in the past.  They are the private consortium that
the EU chose
to implement the EU version of the US FedWire network that the USA uses to
transfer
money between bank and the federal reserve.

Some banks are also on SWIFT and can send secured messages, including wire
transfers,
internationally (or domestically).

Neither SWIFT or FedWire are 'plug and play' solutions.  In general, each
uses
regular 'last mile' solutions (ususally redundant), but the routers on each
end are
encrypting routers, that only tend to do point to point communications.

SWIFT changed over a few years ago to using a private secured world wide
IP network.

As you can tell, I was impressed with SWIFT, their support, and training.
Swift also has a 'secured commercial' product, to allow corporations to have
secured
IP communications.  It does NOT go over the open internet.

Media that SWIFT uses, for us (very low traffic) was ISDN and used Netscreen
encrypting
endpoint routers.  The ISDN dialed into their 'secured hubs', and went out
onto their network
from there (similar to a dial-up ISP, but totally encrypted).  Their
products increased to frac-T1's,
full T and D type network connections, and I am sure others.  But don't
expect to pay
'commodity networking' prices either.

The preferred carrier for SWIFT is your local telco, and they get it onto an
AT&T based
system 'quickly' to get it into the secured SWIFT network.  BTW, SWIFT is
owned by member
banks and is based in Belgum.  It is not a governmental entity (officially
or legally).

All this is to say that FedWire is also a secured (butI I think it is still
SDLC rather than IP based),
and is not available outside the banking world.

Many large companies run their own networks if they consider it is needed
and have for many
years, but going over common carriers for IP is becoming more common, and
just encrypting
their traffic using secured tunnels.  Many Cisco and NetScreen (and others)
provide 'encrypting
routers' so you don't need another 'secured server' to do it for you.

I hope this helps a little.

IHS ... Jack


On Jun 30, 2009, at 7:47 AM, Scott Ehrlich wrote:
> > Do they have equal weight when it comes to security of residential
> > communication, and the customer can boil it down to price?
>






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org