Tuesday, January 24, 2006

X.25 Security Nightmares

I was reading the HITB 2005 conference materials and came across this awesome preso on X.25 security in 2005. Here is the outline from the site:

"x.25 Security - The presentation focuses on X.25 security issues, positioned in present day context and problems. The main intention is to bring personal and professional know-how, background and X.25 penetration testing experiences to the auditorium, with real-life case studies"

My summary: OMG! :-) There is a whole world out there, that many [security] people never even hear about. I did read some materials on that before, but this is by far the most clear, detailed and modern information source.

So, whenever a "con-sultant" does some silly "nmapping around" and then claims to have performed a pentest, think that likely somewhere in the shadows somebody from a remote country is snickering while owning the network thru X.25 ...

As far as other resources are concerned, I also liked this paper from (!) 1988 on X.25 security issues.

Dr Anton Chuvakin