Is there any _real_ risk of clear-text passwords, transmitted over a
dial-up PPP connection, being captured?
What I mean is, assuming that the host side is suitably secured (i.e.
modem pool, authenticating host, etc, in a "safe" computer room; and
trustworthy people administrating it). Given the principle of "value of
possible information gathered being worthy of the amount of effort to
gather it" being applied, it would seem to me that this is not a high
(or even medium) risk area.
Am I way off base here or what?
>> dial-up PPP connection, being captured?
>>
>> What I mean is, assuming that the host side is suitably secured (i.e.
>> modem pool, authenticating host, etc, in a "safe" computer room; and
>> trustworthy people administrating it). Given the principle of "value of
>> possible information gathered being worthy of the amount of effort to
>> gather it" being applied, it would seem to me that this is not a high
>> (or even medium) risk area.
>>
Snip
>First, I must ask, is the host Windows NT or Unix? But in both cases, if
>there was a service (NT) or daemon (Unix) running designed to monitor the
>dial-up PPP connects, I believe there can be some risk.
I think that you may have missed the point here ;-). I made an
assumption that the Host side was within a "security perimeter". For
this exercise, I assume that nobody is getting in through the Host to
look at the incoming connection. So.. the type of Host should not
matter.
IMO, there is very little risk of any snooping happening between the
dialer (remote user) and the dialee (host modem).
Best regards,
Todd