
Re: IPSEC == end of firewalls



> functionality of most firewalls would eventually be an add-on application 
> option for Operating Systems and that eventually it will be a standard 
> part of every Operating System.  Until then, we have to punt & keep using 
> firewalls.  

I'm not so convinced that adding 'firewall functionality' to an OS is 
such a good idea.  The idea behind having a firewall is that 
	*	You have a hardened host that has been stripped of
		anything that could be used by an attacker to compromise
		other systems
	*	You have a single machine that serves as the sole port of
		entry into your domain.  By keeping your defense perimeter
		nice and small it makes it manageable to maintain.  

When you start trying to switch firewall functionality to an OS you lose 
both these advantages.  You no longer have a system that is stripped of 
compilers, scripting languages, etc, and you now have a much larger 
security perimeter.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger [email protected] for key
Want to hire a soon-to-be college grad? 		Mail me for resume