[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC == end of firewalls
Because this has Cpunks relevance in the use of crypto, I'm going to keep
it on this list...
> remain relatively secure. However, I am I'm not saying that adding
> firewalling capabilities would make the system invincible. I *am*
> saying that it would provide the system with more security than it
> currently has and would help to reduce (not eliminate) some risks
> associated with networking.
But what does it mean to add 'firewalling capabilities' to an O/S? By
definition, a firewall is supposed to stop the spread of 'fire' by being
the sole mechanism for the interchange of packets.
If you're referring to making a hardened OS that can protect itself
through the use of well written code, memory protections, etc. then, yes
by all means add it to your OS, but these shouldn't be luxuries in that
they're thought of as 'firewalling' features. Rather these things should
be compulsory in the development of OS's.
> Of course, it would be terrific if the vendors would produce Operating
> Systems which are secure AND usable. (I think the market will eventually
> demand this from vendors, but this probably won't happen in the next year
> or two.)
Even if OS's could be secure(lets not get into Orange Book here) they
would need constant updating. Most users have problems printing, let
alone installing patches and tweaking afterwards to deal with conflicts.
And you can't expect IS to micromanage the corporation's entire fleet of
machines.
This would be nice, and would be a good start, but like I said above,
these things shouldn't be considered to be luxuries. Rather they should
be compulsory. That doesn't mean that they will obsolete firewalls by
any stretch of the imagination.
Ben.
(I'm starting to think Frank may have been right to move this to
firewalls. I think I'll crosspost this message too)
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation." -Anais Nin
PGP Encrypted Mail Welcomed Finger [email protected] for key
Want to hire a soon-to-be college grad? Mail me for resume