home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.dcom.modems:19777 alt.security:5339
- Path: sparky!uunet!gatech!rpi!crdgw1!rdsunx.crd.ge.com!ariel!davidsen
- From: davidsen@ariel.crd.GE.COM (william E Davidsen)
- Newsgroups: comp.dcom.modems,alt.security
- Subject: Re: Caller ID products?
- Message-ID: <1993Jan21.173344.4911@crd.ge.com>
- Date: 21 Jan 93 17:33:44 GMT
- References: <C0wu1q.GK0@wsrcc.com> <1993Jan18.172024.20690@ssc.com> <1993Jan19.160818.8276@crd.ge.com> <1993Jan20.172626.11028@bernina.ethz.ch>
- Sender: usenet@crd.ge.com (Required for NNTP)
- Reply-To: davidsen@crd.ge.com (bill davidsen)
- Organization: GE Corporate R&D Center, Schenectady NY
- Lines: 22
- Nntp-Posting-Host: ariel.crd.ge.com
-
- In article <1993Jan20.172626.11028@bernina.ethz.ch>, waldvoge@nessie.cs.id.ethz.ch (Marcel Waldvogel) writes:
-
- | That's ok for most of us. But, dialling back on the same line as the
- | call came in isn't secure (at least not on analog lines, I don't know
- | about ISDN).
-
- There's no absolute security, you just start at a locked room with
- armed guards, isolated power supply, magnetic shielding, and retinal
- print ID of users entering the room. Then you work down the scale until
- you get to something cost effective for your application.
-
- Callback makes it *harder* to get access to a system, not impossible.
- It keeps the person who gets a number and password from getting in. It
- means the cracker needs more info and expertise to get access. Rejecting
- something because it's not perfect is not something I recommend, unless
- you can get something better which is still cost effective. Doil-out
- only lines are a fairly large investment for the typical users who isn't
- being attacked by trained, dedicated, and well financed individuals.
-
- --
- bill davidsen, GE Corp. R&D Center; Box 8; Schenectady NY 12345
- Keyboard controller has been disabled, press F1 to continue.
-
