305 lines
4.9 KiB
HTML
305 lines
4.9 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Countering interception of telephony links</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Remote Serial Console HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Security"
|
|
HREF="security.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Log attempted access"
|
|
HREF="security-log.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Configuring a kernel to support serial console"
|
|
HREF="kernelcompile.html"></HEAD
|
|
><BODY
|
|
CLASS="SECTION"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Remote Serial Console HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="security-log.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 9. Security</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="kernelcompile.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H1
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="SECURITY-INTERCEPTION"
|
|
></A
|
|
>9.12. Countering interception of telephony links</H1
|
|
><P
|
|
>Modems calls over telephones can be intercepted. This can be
|
|
an issue if you do not trust a telecommunications carrier in your
|
|
call's path, or if you do not trust the law enforcement agencies
|
|
that may request interception facilities from that carrier.</P
|
|
><P
|
|
>International calls are particularly exposed. Calls which
|
|
are routed across satellite or wireless links can be intercepted by
|
|
readily-available radio receivers. Calls routed across undersea
|
|
links are much more expensive to intercept, so this is probably
|
|
limited to national governments, such as those using the <A
|
|
HREF="http://cryptome.org/cryptout.htm#Echelon"
|
|
TARGET="_top"
|
|
>Echelon
|
|
system</A
|
|
>.</P
|
|
><P
|
|
>If you do not pass sensitive data over the link, then the
|
|
major exposure is typing in your user name and password. Look into
|
|
<A
|
|
HREF="http://freshmeat.net/projects/pam_skey/"
|
|
TARGET="_top"
|
|
><SPAN
|
|
CLASS="APPLICATION"
|
|
><SPAN
|
|
CLASS="ACRONYM"
|
|
>S/KEY</SPAN
|
|
></SPAN
|
|
></A
|
|
>
|
|
or look into <A
|
|
HREF="http://inner.net/opie/"
|
|
TARGET="_top"
|
|
><SPAN
|
|
CLASS="APPLICATION"
|
|
><SPAN
|
|
CLASS="ACRONYM"
|
|
>OPIE</SPAN
|
|
></SPAN
|
|
></A
|
|
>
|
|
and its related <A
|
|
HREF="http://www.tho.org/~andy/pam-opie.html"
|
|
TARGET="_top"
|
|
><SPAN
|
|
CLASS="APPLICATION"
|
|
>An
|
|
<SPAN
|
|
CLASS="ACRONYM"
|
|
>OPIE</SPAN
|
|
> for
|
|
<SPAN
|
|
CLASS="ACRONYM"
|
|
>PAM</SPAN
|
|
></SPAN
|
|
></A
|
|
>.</P
|
|
><P
|
|
>These one-time password systems have flaws, a good summary of
|
|
these is <I
|
|
CLASS="CITETITLE"
|
|
>Vulnerabilities in the
|
|
<SPAN
|
|
CLASS="PRODUCTNAME"
|
|
><SPAN
|
|
CLASS="ACRONYM"
|
|
>S/KEY</SPAN
|
|
></SPAN
|
|
> one time
|
|
password system</I
|
|
> by Peiter ‘mudge’
|
|
Zatko.</P
|
|
><DIV
|
|
CLASS="WARNING"
|
|
><A
|
|
NAME="SECURITY-INTERCEPTION-KEYS"
|
|
></A
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="WARNING"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/warning.gif"
|
|
HSPACE="5"
|
|
ALT="Warning"></TD
|
|
><TH
|
|
ALIGN="LEFT"
|
|
VALIGN="CENTER"
|
|
><B
|
|
>Cryptographic key material</B
|
|
></TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
> </TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
>Possessing cryptographic key material, such as a one-time
|
|
password generator or list of one-time passwords, is a serious
|
|
criminal offense in some countries.</P
|
|
><P
|
|
>You must acquiant yourself with the laws in your
|
|
jurisdiction and the laws of jurisdictions you may travel
|
|
through.</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="WARNING"
|
|
><A
|
|
NAME="SECURITY-INTERCEPTION-LAW"
|
|
></A
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="WARNING"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/warning.gif"
|
|
HSPACE="5"
|
|
ALT="Warning"></TD
|
|
><TH
|
|
ALIGN="LEFT"
|
|
VALIGN="CENTER"
|
|
><B
|
|
>Defeating telecommunications interception</B
|
|
></TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
> </TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
>Taking steps to defeat or avoid legislatively-approved
|
|
telecommunications interception is a serious criminal offense in
|
|
some countries.</P
|
|
><P
|
|
>You must acquiant yourself with the laws in your
|
|
jurisdiction and the laws of jurisdictions you may travel
|
|
through.</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="security-log.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="kernelcompile.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Log attempted access</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="security.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Configuring a kernel to support serial console</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |