Serious Question about Security

Old 01-20-04, 12:15 AM
  #1  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Feb 1999
Location: I left my heart in.....South Plainfield, NJ
Posts: 2,998

Guys:

Is it possible to use a sniffer to read the contents of confidential documents (saved in Word or Excel, etc.) sent over the wire? For example, as these docs are saved and retrieved to and from a file server?

Also, the idiots that put together our network subdivided our 400 node LAN into nine(!) VLANs. They cited security as a reason...they said that they didn't want PCs from outside the VLAN hacking into the desktop PCs of another VLAN. I want to get rid of the VLANs completely.

Any thoughts?
Old 01-20-04, 01:25 AM
  #2  
Video Gamer Reviewers
 
Join Date: May 2000
Posts: 4,162
Yes. (well I believe so)

Is your 400 node network located in the same geographical area? Or are they physically apart? If apart it sounds like a good choice...

Hell, even if they are in separate rooms in the office, different divisions within the company, that probably is a better option. Easy to maintain security and block access to individuals based on what networks they can access, versus blocking by machine.
Old 01-20-04, 04:39 AM
  #3  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Feb 1999
Location: I left my heart in.....South Plainfield, NJ
Posts: 2,998
They are all in the same building. Or rather on the same (small) campus. It's a school.
Old 01-20-04, 07:36 AM
  #4  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Originally posted by John Sy
They are all in the same building. Or rather on the same (small) campus. It's a school.
The point of VLANs is to increase the number of broadcast domains, and minimize broadcasts. If you have 400 PCs on the same segment then that is a lot of broadcasts and ARP requests. Since you are in different buildings it's good to have multiple VLANs since it will minimize broadcasts across the backbone.

As far as the packet sniffer you could probably sniff a saved document even if you had no VLANs.
Old 01-20-04, 11:02 AM
  #5  
DVD Talk Hero
 
Join Date: Aug 2000
Location: Bartertown due to it having a better economy than where I really live, Buffalo NY
Posts: 29,706
If the packet system it uses isn't encrypted then yes, all you'd need is a program designed to show the data portion of the packet type being used by the network.

Originally posted by John Sy
Guys:

Is it possible to use a sniffer to read the contents of confidential documents (saved in Word or Excel, etc.) sent over the wire? For example, as these docs are saved and retrieved to and from a file server?

Any thoughts?
Old 01-21-04, 02:54 AM
  #6  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,853
Re: Serious Question about Security

Originally posted by John Sy
Guys:

Is it possible to use a sniffer to read the contents of confidential documents (saved in Word or Excel, etc.) sent over the wire? For example, as these docs are saved and retrieved to and from a file server?
Well:

1. Word documents use a proprietary format to store the data that differs considerably from plain ol' ASCII text. Even an unencrypted MS-Word document would be somewhat of a challenge to read at the packet level. On the other hand, if all the packets were captured, I suppose it would be possible to recreate the file at a bit level. Dunno, never tried it.

2. As al_bundy pointed out, the point of VLANs is to reduce the number of broadcast domains. This has an obvious network efficiency advantage and also has an inherent security advantage in the sense that it helps mitigate the risks of evildoers launching DoS-type attacks against your networks (the infamous "Smurf" attack, among others).

3. On switched networks, each switch port is its own collision domain. As such, you can't just plug a PC in and start sniffing Word documents going between two other systems on the network. To sniff effectively at all, the person would have to be able to plug in on a SPAN port on a switch or on the backbone somewhere. You can mostly mitigate that risk with a few physical security considerations.
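An added example, not part of any post in this thread: a small audit that reorders captured file-transfer pieces and checks whether document text is recoverable without a key, which is the question the thread turns on when the transfer is not encrypted. The sample bytes, the `SECRET` string and all function names are constructed for illustration, and `toy_encrypt` is a stand-in for real transport encryption, not a cipher to deploy.

```python
import hashlib
import re

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls files
SECRET = "Student disciplinary record: CONFIDENTIAL"  # constructed sample text

# Constructed sample, not a real capture: OLE header, binary filler, then the
# text stored both ways legacy Word keeps it (8-bit cp1252 and UTF-16LE).
SAMPLE_DOC = (OLE_MAGIC + bytes(range(24)) + SECRET.encode("cp1252")
              + b"\x00\x01\x02\xff" + SECRET.encode("utf-16-le") + b"\xfe\xff\x00")


def reassemble(segments):
    """Rebuild a byte stream from (offset, data) pieces captured in any order."""
    return b"".join(data for _, data in sorted(segments))


def readable_runs(payload, min_len=8):
    """Return printable runs stored as 8-bit text or as UTF-16LE text."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, payload)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, payload)
    return [r.decode("ascii") for r in narrow] + [r.decode("utf-16-le") for r in wide]


def toy_encrypt(data, key):
    """Stand-in for real transport encryption: XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def audit(payload, needle):
    """True if the needle is recoverable from the payload without any key."""
    return any(needle in run for run in readable_runs(payload))


if __name__ == "__main__":
    pieces = [(i, SAMPLE_DOC[i:i + 16]) for i in range(0, len(SAMPLE_DOC), 16)]
    stream = reassemble(reversed(pieces))
    print("cleartext transfer exposes text:", audit(stream, SECRET))
    print("encrypted transfer exposes text:", audit(toy_encrypt(stream, b"demo-key"), SECRET))
```

The binary container does not hide the text; only encrypting the transfer (or the file itself) removes it from what a capture can show.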
