Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Furthermore, while it would be possible to block repeated attempts at unauthorized access, and alert an administrator, the system that Cross analyzed isn’t designed to do so. And finally, although Cisco recommends that encryption be used, the system doesn’t require it. Without encryption, Cross says, it’s impossible for a lawful intercept system to function safely.

Cross suggests that simple changes to the SNMP protocol could make it much more secure. He also calls for companies to implement the system in a more secure way–by separating lawful intercept requests from regular network management traffic, encrypting data, and enforcing stricter controls over where requests come from and where intercepted data is sent.

Jennifer Greeson Dunn, communications director for Cisco, says the company published its lawful intercept infrastructure in 2004 so that it could receive this type of peer review. She also says that Cisco has already addressed many of the software and hardware vulnerabilities that Cross has found. She adds that Cisco has been talking with Cross, and plans to review his recommendations for changes to the architecture and infrastructure employed.

Although some experts say the entire concept of a permanent interface for intercepting communications undermines security, Cross believes that a system such as Cisco’s can help ensure that intercepts are performed lawfully, providing it is properly protected against unauthorized access.

Steven Bellovin, a professor of computer science at Columbia University who researches network security, says that if lawful intercept systems must exist, he would like to see them offer better protections. “It’s engineering a vulnerability into your network, and the question is how well you can protect it,” he says.

0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »