[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC == end of firewalls




Frank Willoughby writes:
> While IP level security & authentication will go a long way to help 
> prevent abuses and reduce unauthorized accesses, I doubt if it will
> provide enough protection by itself.

I agree with this, but...

> o Node Spoofing will probably still be possible

Nope. It won't.

> o The connections will probably also be subject to man-in-the-middle attacks
>    (Never underestimate the creativity of people who want to compromise your
>    networks)

No, they won't be subject to such attacks any longer.

The real problem, as you noted, is that our applications aren't very
secure.

> I suspect even when firewalls are embedded in the O/S,

That would be somewhat meaningless. The point of a firewall, as others
here have noted, is that it is easier to secure one machine than five
hundred or ten thousand.

> IMHO, the first company to include a firewall as a standard part of their
> Operating Systems has a real good shot at increasing their market share.  

Again, somewhat meaningless, as a real firewall involves defense in
depth (screening routers, a bastion proxy host, etc) and is more of a
configuration issue than an O.S. issue.

Perry