>
>
> > the alternative being real authentication (eg
> > SecurId) for every outbound connexion as well as every inbound
>
> Actually, it occurs that in this second scenario -- a confederate of the
> baddies, perhaps a disaffected employee inside your network -- even
> authentication of outbound connections wouldn't help you: if this
> insider is `trusted' -- allowed to make outbound connections through
> (say) your telnet application gateway -- then she can if so determined
> misuse this channel anyway (eg: ...
[example of a confederate helping to set telnet out to the world]
I think the point is that having an inside confederate makes the
crackers much less secure, both that they won't be "ratted on"
by the confederate before they act and that the confederate will
be undetectable from logs of SecurID use, etc. So requiring
some kind of signature to open a door to the outside world
has a point.
On the other hand, with inside knowledge one could walk source
trees or databases and mail the results out. Unless you apply
some kind of signature to every piece of mail (and every
news article) you can't even trace how your secrets might be
migrating out to other companies. I guess you could make your
mail gateway track you down and request your SecurID before
allowing mail out with your name on it, but somehow I think
that it is impractical.
Bob
P.S. If you had a confederate, you'd probably most often want that
person to write a tape and drop it in the outgoing company
mail. That way the time the confederate has to screw up is
kept to a minimum.