Re: NYT on Internet Flaws

On Wed, 11 Oct 1995, Jeff Weinstein wrote:

> > I'd love to see something in there about most commercial sites being behind
> > firewalls without nfs access across the firewall.  This greatly reduces the
> > risk from the nfs problems.  If you get your binary via nfs from a trusted
> > host inaccessible from the internet, then if you have this problem management
> > can handle it as an employee problem;)  There are ways to make secure
> > firewalls, it's fairly well understood.  Sometimes people point to things
> > like the hack Mitnick did last Christmas, but his attack took advantage of
> > a couple of things a security expert shouldn't have allowed, first and
> > foremost two machines were accessible from the internet, and one of them
> > trusted root logins from the other without a password:(
>   It might also be worth noting that people accessing the net
> via an ISP from home do not typically use NFS either.

	And that this is the segment of the user population that is most
important to commerce online.  But I still hate to see these types of
solutions being used to try and cover something that should, and could, be
fixed in the underlying protocol itself.  Wouldn't AH and ESP take care of
a large portion of the existing security holes?  Certainly not all of
them, but it would solve a lot of problems and make development of secure
applications much easier.

Note: is anyone working on implementing some of the things outlined in
R(1825?) ?  I think Perry posted regarding it a while back, but haven't
heard much about it since.

