ISDN line security

Printable View

January 8th, 2004, 03:29 PM
elrey103

ISDN line security

I work for a company in which security is crucial (financial institutions) - and we have a host processor (meaning we send out work to them to process and create the files needed for our bank software).

Our host is trying to get all of the banks using them to get an ISDN line backup in the event that our T1 lines go down. When I called to order an ISDN line from Verizon (who I'm sure everyone knows) - the gentleman on the other end went completely off on me explaining that this would be a huge security risk...that no matter what type of ISDN line we would get (as I know there are a few types) - it would still be going through the public sector lines to reach our host - and this would be bad...

We've had security issues before with our host - and this could be the end of the relationship of they are willing to offer this without telling us of the huge security risk...it would be a huge oversite...or am I and the gentleman from Verizon missing something?
January 8th, 2004, 03:44 PM
Maestr0

If you are using a T1 currently, then you are most likely already using public sector lines. We are talking about the internet right? Or do you have a dedicated T1 connection from you to your host processor? (This seems unlikely to me)

-Maestr0
January 8th, 2004, 03:50 PM
elrey103

We have dedicated a dedicated connection to our host - and dedicated lines connecting our branches to our main branch (which in turn connects to them for the data exchange).
January 8th, 2004, 04:21 PM
tekno

Did the Verizon tech explain why it was a security risk?

you didnt happen to call them on a friday did you? :p

The only thing i can think of that might help you with security might be something like a callback, when one site dials up to the host, and the host hangs up and calls the other end back.

Not sure if its possible to do on ISDN, although I can't see why it wouldn't be possible.

just an idea
January 8th, 2004, 05:11 PM
SirDice

Seems pretty simple to me. Just use IPSec to create a tunnel end to end. It doesn't matter where and how this tunnel gets transported (isdn, atm, pots etc.) noone will be able to eavesdrop.

NB sending unencrypted financial data over an T1 connection is just as bad as doing it over an ISDN line. I know, we encrypt all our WAN links because we use a third party for our WAN infrastructure.