From: Church, Charles (cchurc05@harris.com)
Date: Wed Jan 02 2008 - 17:29:51 ARST
Qingli,
What are you trying to protect? T1 traffic to/from the
internet, or private T1s to other locations? A T1 can be tapped not
only inside the building, but also at the street, in a CO, in a manhole,
etc. If you're concerned about normal internet traffic, you probably
don't need to be. Most sensitive stuff on the web uses SSL. If you're
using the internet for business-type traffic between company locations,
you want to encrypt it (site to site VPN). If you're using private T1s
between locations, and the traffic is sensitive enough to worry about
(bank or other company data, medical data, customer data), you probably
want to encrypt that too.
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Qingli Gao
Sent: Wednesday, January 02, 2008 1:48 PM
To: ccielab@groupstudy.com
Subject: OT-- network security in big building
Hi All, Happy new year!
Recently I am working on a risk assessment for some branch offices for a
Company. Those branch offices are all located in a big/high building
around
the world.
It seems pretty standard that each building has a communication room
that
terminate the out side circuit and then extend the circuit to the actual
office location/floor.
I am curious that how can we trust a building's security system/policy.
Since most circuit will deliver internal traffic without encryption. It
is
not that hard to tap a T1/E1 line at all.
Any comments will be appreciated. I am wondering if this is the same
case
everywhere.
Qingli
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST