Decoding captured data?

Discussion in 'other security issues & news' started by deadcat, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. deadcat

    deadcat Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    2
    Hi all, I am new to this forum so I hope this is the correct area. I am a network administrator and I am trying to convince one of our business partners to use a site to site VPN so we can print data over the internet from their AS/400 to a network printer inside of our company. We are PIX firewalled, NAT'd etc. and right now I have them set up to print to a NAT'd addressable internet address. Unfortunately my users are requesting that multiple printers have this capability so I am burning through IP address. Our security department is saying that we need to encrypt the printed data (it is standard port 9100) because it contains member account numbers, addresses, etc. I would like to tell our business partner that a VPN is our preferred solution. Does anyone know if someone captured a print job if they could decode the data? I have captured data I sent to a network printer set up as a standard TCP/IP port on XP and the data looks encrypted but I would guess if I could set the TCP window size correctly and set up a TCP session with the printer I could replay my captured packets and print from my sniffer. What can I tell our business partner to get them to agree to work on getting a VPN set up?

    Any help is greatly appreciated.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas

    Have them look over this page to start with. Link
     
  3. deadcat

    deadcat Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    2
    Thanks for the link, it will be helpful when explaining VPN's to them. Do you know if I am correct in my assumption of being able to recreate the print outs from a data capture? Even though I can't read what I captured isn't it in PCL language or something like that? A VPN would actually encrypt the traffic and make it totally unreadable.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    I don't know the answer to captured data. If strong encryption is used, I would think not.

    Encryption is the only way to go for important data. Even then, who knows what can happen?
     
  5. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear deadcat, welcome to the forum. yes its snoop-able if you don't encrypt. PCL or Postscript leaps into the picture. the thing that confuses me is that you want to implement VPN because you just want secure remote printing. yes VPN makes a lot of sense in this particular case but there are alternatives like JetCAPS from HP or PrintNet from Wipro. the thing about VPN is it'll enable automatic encryption. also there is plethora of VPN solutions to choose from so hopefully you'll find one that suits your need and budget. well if you want robust security than choose the DirectedVPN not TunneledVPN. if you want VPN only and need to convince your superiors then here are they points i'll use.

    1. encyption is always used so its secure even if it is using public WAN.
    2. strong integration with perimeter security e.g. Router or Firewall or your PIX.
    3. cross-platform usability and maps Netware, Radius, ACE, etc database.
    4. supports IPv4, SSL, PPTP, L2TP, SOCKS v5 etc.
    5. supports more secure tokencards or smartcards and even biometrics.
    6. provides secure, scalable and managable solution.
    7. interoperable between various platforms.
    8. transparent at user level and managable through a central server.
    9. BLAH BLAH BLAH

    i can go on and on but i guess you already got the picture. if you need more then tell me i'll blabber even more. all VPN solutions won't cover those points but as the market is flooded with them i'm sure you'll find a lot of choices.
     
  6. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    If your users need to access your partners as/400 and print locally, have a look at ssl-vpn solutions. Have your partner install one of those appliances and your users can use 3270/5250 emulation natively. Lots of these boxes come with terminal emulation on board. Check out F5, Juniper, Aventail.

    When your running a vpn, don't forget your connecting 'untrusted' networks. So always have your security policy enabled and route the communication through a dmz, using a proxy filter.
     
Loading...
Thread Status:
Not open for further replies.