ABSTRACT

The inevitable result of all this justified attention on these diverse, sometimes sensational sources of InfoSec-related threat has been diminished attention to less dramatic, more seemingly routine sources of threat. One such source, the focus of this chapter, is network snooping or sniffing, in which network traffic is captured without authorization. Although most InfoSec professionals understand that such a threat exists, it is easy to fall into the trap of thinking that somehow the magnitude of this threat pales compared to the other, more exciting sources of threat. An organization is likely to have provisions in an InfoSec policy that prohibit the use of sniffers without proper authorization and that may even require periodic inspections to determine whether unauthorized sniffers exist. Furthermore, unless one works in a unit whose responsibilities include networking, one is not likely to be aware of the extent to which sniffers are deployed and exactly who has access to the data that sniffers capture. Of all the sources of potential loss due to unauthorized access to systems, illegal data transfers, etc., however, none is greater in most operational environments than the deployment of unauthorized sniffers. This chapter explores the nature of the sniffer threat, presents solutions for combating the risk, and suggests strategies for dealing with sniffer-related incidents should they occur.