[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC == end of firewalls
Frank Willoughby writes:
> While IP level security & authentication will go a long way to help
> prevent abuses and reduce unauthorized accesses, I doubt if it will
> provide enough protection by itself.
I agree with this, but...
> o Node Spoofing will probably still be possible
Nope. It won't.
> o The connections will probably also be subject to man-in-the-middle attacks
> (Never underestimate the creativity of people who want to compromise your
> networks)
No, they won't be subject to such attacks any longer.
The real problem, as you noted, is that our applications aren't very
secure.
> I suspect even when firewalls are embedded in the O/S,
That would be somewhat meaningless. The point of a firewall, as others
here have noted, is that it is easier to secure one machine than five
hundred or ten thousand.
> IMHO, the first company to include a firewall as a standard part of their
> Operating Systems has a real good shot at increasing their market share.
Again, somewhat meaningless, as a real firewall involves defense in
depth (screening routers, a bastion proxy host, etc) and is more of a
configuration issue than an O.S. issue.
Perry