[geeks] How many of you can read this?

David Cantrell geeks at sunhelp.org
Thu Mar 15 15:27:10 CST 2001


On Thu, Mar 15, 2001 at 12:55:02PM -0800, Christopher Byrne wrote:

> Mike Nicewonger wrote:
> 
> > What is everybody's fascination with encryption anyway. :|
> 
> Well I don't know about you Mike, but I make my living at it ;-)

I'm a security conslutant (or is it insultant, I'm not sure) in my day job
too - I spend maybe 70% of the time on security things, 30% on Magic With
Perl.  However, I see encryption as being only a very small part of that.
There's no point encrypting if anyone can ring the helldesk and get a
password, for example.

I don't tend to recommend pgp/gpg to people, as it's a *real* pain to use
with most end-user tools - how many non-geeks do you know who would be
able to use a pgp-friendly MUA like mutt?  Instead, I like to use
encryption products which are transparent to the user.

stunnel/sslwrap for SSL-ising plain-text protocols like IMAP and POP (I
run them on a local server, so the user thinks they're connecting to
a local IMAP server when it is in fact just the end of an encrypted tunnel
to a server elsewhere), and ipsec for connecting remote offices.

The company I work for provides broadband satellite services using the
satellite in both directions.  Our current beta-test system is running
in the clear (not my fault - they rolled it out before I joined :-) but
it is my intention to run everything between the client site and our
central site in London over ipsec.  This is essential, as even though
the satellite transmits over fairly tight spot beams, those 'fairly tight'
beams are still covering two or three countries each by the time they get to
earth - and there is therefore the danger of other people with appropriate
equipment snooping.  Admittedly, it would require some fairly specialised
equipment and lots of expertise, but that's not hard to get, and securing
the channel is *really* cheap.  Knowing my luck, it won't end up as part
of our standard offering but will be sold as a 'value added service'.
Blech!

Of course, I ain't talking for the company in the above ...

-- 
David Cantrell | root at alphacomplex.org | http://www.cantrell.org.uk/david/

    This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **
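
The transparent tunnel described in the message above, as an added example that is not part of the original post: a client-mode stunnel configuration in current (5.x) syntax. The listen address, remote hostname and CA bundle path are placeholder assumptions. Users point their mail client at the local listener, and stunnel carries the session over TLS to the remote server.

```ini
; stunnel.conf on the local office server (added example; all addresses,
; hostnames and file paths below are placeholders, not values from the post)

; This end initiates TLS towards the remote mail server.
client = yes

; Without verification the tunnel is encrypted but the far end is not
; authenticated, so a man-in-the-middle could terminate it. Require a
; valid chain to a trusted CA for every service below.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt

[imap]
; Plain-text listener that mail clients on the LAN connect to.
accept = 192.0.2.10:143
; TLS-wrapped IMAP service at the remote site.
connect = mail.example.org:993
; The certificate must also be issued for this hostname.
checkHost = mail.example.org

[pop3]
accept = 192.0.2.10:110
connect = mail.example.org:995
checkHost = mail.example.org
```

The hop between the mail client and the local listener is still plain text, so this protects the path beyond the office network only; binding to ports below 1024 normally requires starting stunnel as root.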


