[32520] in North American Network Operators' Group
RE: Carnivore Update - Public Does Not Care
daemon@ATHENA.MIT.EDU (Quark Physics)
Sun Nov 26 20:45:19 2000
Date: Sun, 26 Nov 2000 21:24:23 -0500 (EST)
From: Quark Physics <meuon@highertech.net>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "'Frater M.A.Ch.H. 999'" <azoth@occult.net>, nanog@merit.edu
In-Reply-To: <47FE39302BF73B4C93BC84B87341282C1F71@condor.lvrmr.mhsc.com>
Message-ID: <Pine.LNX.4.10.10011262116570.2926-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> > 5% - Hardware encryption, leased line, keys for hardware encryption
> > and passwords delivered in seperate parts by different people
> > after identity verification. No physical connections to gateway
> > systems. (Federal Reserve, Chase Manhatten Bank...)
>
> The unknown tier, many of them are banks where minimum security is a
> regulatory thing. It's a part of doing business. I'm not sure, that if left
> to their own devices, that they wouldn't join the majority in in their
> apathy.
We were actually suprised that the good banks are pretty tight and without
real regulations that say exactly what to do. In technology reviews, we've
been asked about Van Eck sniffing, encrypting data while in RAM, and some
pretty impressive other stuff. Of course the bank is the one with the
money at stake. What worries me, is my experience with corporate style IT
management tells me they only get that paranoid after being burned a few
times. Must have been some expensive lessons. --Mike--
