----- Original Message -----
From: "Claudio Valderrama C." <cvalde@...>
To: <ib-architect@egroups.com>
Sent: Friday, January 19, 2001 3:09 AM
Subject: [IB-Architect] Security pieces
<snip>
>
> - Data transmission: some people want the whole data communication to
happen
> encrypted, too. I think we can leave this issue to a third party package.
> There's already one that I've linked from my site but I have no experience
> with it. At least in a LAN or in a web server requesting data from the db
> server, is it mandatory to have encrypted data exchange as a built-in
> feature on the server? Personally, I would try by all means to not put the
> db engine in direct contact with the Internet, so data scrambling is not
my
> top priority, since it will be traveling inside an intranet.
>
<snip>
Claudio, the main problem here is in data transmission inside a company.
Having been working on security aspects of a project for quite some time
(you do get to be paranoid) I know the kind of damage clear text data
transfer over the net can cause. A person from my security group (which you
could call a professional Hacker) can get a hold of Network passwords,
database data, get access to the company mainframe, reconfigure servers, in
a few minutes. Why? Because he can intercept data on the network using the
correct tools and just read such important info from the wire.
I agree that it is not mandatory. I might even be implemented as a separate
module for people who think they don't need it.
Are you aware that over 80% of attacks or theft of data start inside the
company?