
Re: [LinkSec] Business models still missing for point to point




Mick,

I agree with most of your analysis.

As far as the enterprise not needing security to the cube, I'd
ask whether you've ever seen the play / movie "Glengarry, Glenross"?
(I probably spelled that wrong.  It's about salesmen in the same
company cutting each others' throats.)  One doesn't have to pick the
lock to the wiring closet or climb up into the false ceiling in
order to subvert your building's wiring.  Just put a hub on the
floor in your neighbor's cube.  Most high-schoolers are sufficiently
knowledgeable to do that.

The question of whether it is better to hire aggressive people and
control their baser instincts through technology, or to foster a
sense of team pride and mutual support, may have more answers than
you suggest.  :)

-- Norm

Mick Seaman wrote:
> 
> Although the Telseon networks used all of below (point to point, VLANs,
> filtering) we had an ongoing requirement for securely identifying which
> customer was which in the network to prevent hookup mistakes in the field.
> Without authentication and authorisation built into the switches solutions
> to this problem are hokey, like requiring each customer to use the
> certificate distributed to that customer for provisioning management access
> to conduct a session from each site so that connectivity could be verified
> before it was fully switched on. Comprehensive deployment of .1X or better
> would have simplified operational practice in our network.
> 
> While I don't think a lot of Norm's scenario in the single enterprise
> context (if you have eavesdroppers and cable rerouters working for you, you
> have worse problems) it is a real worry in multi-tenant units which are
> often occupied by professional organizations that are really meant to keep
> their data secure from others who could rent another office in the same
> building.
> 
> Though most of the current market may live with the current level of
> security (an assertion I find very plausible) very little of the .3ah EPON
> market will.
> 
> Mick
> 
> > -----Original Message-----
> > From: owner-stds-802-linksec@majordomo.ieee.org
> > [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of
> > antti.pietilainen@nokia.com
> > Sent: Friday, January 03, 2003 6:49 AM
> > To: stds-802-linksec@ieee.org
> > Subject: [LinkSec] Business models still missing for point to point
> >
> >
> >
> > Hello all,
> > Usage scenarios for point-to-point networks are still missing
> > business case wise. It is possible that link security in
> > point-to-point case does not make sense. For example, it is
> > being told that 802.10 was used for a while but has not been
> > used after VLAN tagging was standardized. VLAN tagging,
> > source port filtering, and maybe filtering some Ethertypes at
> > access ports may be adequate to achieve high level of
> > security at layer two. For example, in Sweden and in other
> > places, as well, there are well established operators who run
> > IP over Ethernet networks for subscriber access. Probably
> > other L3 protocols may be carried over these L2 segments if
> > required.
> >
> > There are about 80 000 customers in Bredbandsbolaget's
> > network in Stockholm, Sweden. The company has been
> > operational for several years so they can probably cope with
> > the current level of security.
> >
> > Norman Finn brought up in principle a valid point-to-point
> > scenario in the security session in New Orleans. In that
> > scenario cables are run through multiple offices. There is a
> > risk of somebody in one office eavesdropping or inserting a
> > man-in-the-middle box into a cable running to another office.
> > With added L2 security it could be allowed that cables are
> > installed in that way. However, that kind of installation
> > does not really comply with current regulations for
> > installations in buildings. Therefore, I believe that the
> > scenario does not cover a large proportion of the total market.
> >
> > Antti Pietilainen
> > Nokia Research Center
> > P.O. Box 407
> > FIN-00045 NOKIA GROUP
> > Finland
> > tel. +358-(0)71-8036660, fax. +358-(0)71-8036214
> > email: antti.pietilainen@nokia.com
> >
> 