<HTML ><HEAD ><TITLE >Countering interception of telephony links</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Remote Serial Console HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Security" HREF="security.html"><LINK REL="PREVIOUS" TITLE="Log attempted access" HREF="security-log.html"><LINK REL="NEXT" TITLE="Configuring a kernel to support serial console" HREF="kernelcompile.html"></HEAD ><BODY CLASS="SECTION" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Remote Serial Console HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="security-log.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 9. Security</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="kernelcompile.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECTION" ><H1 CLASS="SECTION" ><A NAME="SECURITY-INTERCEPTION" ></A >9.12. Countering interception of telephony links</H1 ><P >Modems calls over telephones can be intercepted. This can be an issue if you do not trust a telecommunications carrier in your call's path, or if you do not trust the law enforcement agencies that may request interception facilities from that carrier.</P ><P >International calls are particularly exposed. Calls which are routed across satellite or wireless links can be intercepted by readily-available radio receivers. Calls routed across undersea links are much more expensive to intercept, so this is probably limited to national governments, such as those using the <A HREF="http://cryptome.org/cryptout.htm#Echelon" TARGET="_top" >Echelon system</A >.</P ><P >If you do not pass sensitive data over the link, then the major exposure is typing in your user name and password. Look into <A HREF="http://freshmeat.net/projects/pam_skey/" TARGET="_top" ><SPAN CLASS="APPLICATION" ><SPAN CLASS="ACRONYM" >S/KEY</SPAN ></SPAN ></A > or look into <A HREF="http://inner.net/opie/" TARGET="_top" ><SPAN CLASS="APPLICATION" ><SPAN CLASS="ACRONYM" >OPIE</SPAN ></SPAN ></A > and its related <A HREF="http://www.tho.org/~andy/pam-opie.html" TARGET="_top" ><SPAN CLASS="APPLICATION" >An <SPAN CLASS="ACRONYM" >OPIE</SPAN > for <SPAN CLASS="ACRONYM" >PAM</SPAN ></SPAN ></A >.</P ><P >These one-time password systems have flaws, a good summary of these is <I CLASS="CITETITLE" >Vulnerabilities in the <SPAN CLASS="PRODUCTNAME" ><SPAN CLASS="ACRONYM" >S/KEY</SPAN ></SPAN > one time password system</I > by Peiter ‘mudge’ Zatko.</P ><DIV CLASS="WARNING" ><A NAME="SECURITY-INTERCEPTION-KEYS" ></A ><P ></P ><TABLE CLASS="WARNING" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH ALIGN="LEFT" VALIGN="CENTER" ><B >Cryptographic key material</B ></TH ></TR ><TR ><TD > </TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P >Possessing cryptographic key material, such as a one-time password generator or list of one-time passwords, is a serious criminal offense in some countries.</P ><P >You must acquiant yourself with the laws in your jurisdiction and the laws of jurisdictions you may travel through.</P ></TD ></TR ></TABLE ></DIV ><DIV CLASS="WARNING" ><A NAME="SECURITY-INTERCEPTION-LAW" ></A ><P ></P ><TABLE CLASS="WARNING" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH ALIGN="LEFT" VALIGN="CENTER" ><B >Defeating telecommunications interception</B ></TH ></TR ><TR ><TD > </TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P >Taking steps to defeat or avoid legislatively-approved telecommunications interception is a serious criminal offense in some countries.</P ><P >You must acquiant yourself with the laws in your jurisdiction and the laws of jurisdictions you may travel through.</P ></TD ></TR ></TABLE ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="security-log.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="kernelcompile.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Log attempted access</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="security.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Configuring a kernel to support serial console</TD ></TR ></TABLE ></DIV ></BODY ></HTML >