Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

security question

Status
Not open for further replies.
alan123

alan123

MIS
Joined
Oct 17, 2002
Messages
149
Location
US
On internet we have 128bit SSL technology to provide secure data transmission, how about on telephone? when we enter personal confidential number(such as SSN, credit card number etc.) through telephone, are those data easily be taped and read by someone?
I'm just curious for security on telephone line.
 
Sort by date Sort by votes
It depends.

Spoken voice: Easily intercepted & understood.

Touch-tone (DTMF): Same as voice.

Fax: Same as voice.

Modem (PPTP, etc): Same as voice (note: includes unencrypted email, ordinary web browsing, telnet, etc)

SSL over Modem: Can be intercepted, but very difficult to break (requires resources of major government)

SSH over dial-up: same as SSL

PGP/GPG encrypted email: same as SSL

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
While I generally agree with ChipH's response, I must iterate that telephone line audio is more difficult to access remotely than IP data. Certainly not impossible, and it is trivial if you have physical access to the local loop of the target.

And all encryption technologies are susceptible to man-in-the-middle attacks. Let's face it, how frequently do you verify that the cert that you received is the actual cert you expected?

But in all of these cases, the data is far more likely to be accessed when it is at rest, than in transit. If I am interested in your banking information, I am more likely to attack the bank's server or your home machine than to attempt to decipher the encypted data in transit or to tap your phone line. Mainly because I get more information for less work (your banking information, plus anyone else's in the database).

And deciphering modem data is non-trivial at rates greater than 2400 bps because of the phase-shift-keying that is in use. To decipher it properly, you need to be in the 4-wire portion of the network, or you need to install your own hybrid. The data traveling in each direction uses the same frequency space, so you must separate the two directional components. Only the actual subscriber loop is 2-wire, so now you must either collect the data after the SLC (where it is multiplexed to a DS-1 rate) or in the CO switch itself.


pansophic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question Question
Cisco ASA - VPN Question
Replies
6
Views
1K
intel233
intel233
gbayi_omo
  • Locked
  • Question Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
329
gbayi_omo
gbayi_omo
abhi21
  • Locked
  • Question Question
Interesting article on Cyber Security
Replies
0
Views
268
abhi21
abhi21
NoCoolHandle
  • Locked
  • Question Question
TLS 1.0 vrs TLS 1.1 vrs 1.2 connection strategy question
Replies
1
Views
294
ChrisHirst
ChrisHirst
jfp23
  • Locked
  • Question Question
Site to Site VPN Security
Replies
2
Views
355
PScottC
PScottC

Part and Inventory Search

Sponsor

Back
Top