home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cs.utexas.edu!zaphod.mps.ohio-state.edu!usc!usc!not-for-mail
- From: merlin@neuro.usc.edu (merlin)
- Newsgroups: alt.security
- Subject: Re: Lan watchers and sniffers
- Date: 12 Nov 1992 03:51:08 -0800
- Organization: University of Southern California, Los Angeles, CA
- Lines: 27
- Distribution: alt
- Message-ID: <1dtgfcINN28a@neuro.usc.edu>
- References: <BxHts7.3s2@minerva1.bull.it>
- NNTP-Posting-Host: neuro.usc.edu
-
- In article <BxHts7.3s2@minerva1.bull.it> alexb@minerva1.bull.it (Alessandro Bottonelli) writes:
- >ANYONE OUT THERE HAD ANY EXPERIENCE WITH PROTECTING LANS OF LARGE
- >ORGANIZATIONS FROM LAN SNIFFERS ???
-
- Make LAN sniffing -- particularly password snooping -- a terminal
- offense -- issue written notices such snooping will result in the
- immediate dismissal of the responsible parties.
-
- Divide your ethernet up into several segments using smart routers
- -- isolate sensitive people/machines onto a relatively secure leg
- of your ethernet -- put known snoopers on their own isolated leg.
-
- Forbid indescriminant ethernet snooping -- only permit monitoring
- for debugging purposes when filtering for some specific source and
- destination address -- forbid packet sniffing by pc's -- require
- all packet sniffing to be done via authorized accounts on audited
- host systems such as sun systems with full logging turned on.
-
- ------------------------------------------------------------------------------
- Alexander-James Annala
- Principal Investigator
- Neuroscience Image Analysis Network
- HEDCO Neuroscience Building, Fifth Floor
- University of Southern California
- University Park
- Los Angeles, CA 90089-2520
- ------------------------------------------------------------------------------
-
