Firewalls: Re: NATs

Firewalls
(May 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: NATs
From:	Michael Endrizzi <endrizzi @ phantasm . sctc . com>
Date:	Thu, 05 May 1994 19:53:06 -0500
To:	Eliot Lear <lear @ yeager . corp . sgi . com>
Cc:	"Robert G. Moskowitz" <0003858921 @ mcimail . com>, Eric Fleischman <ericf @ atc . boeing . com>, brian <brian @ dxcoms . cern . ch>, ipv4 ale <ipv4-ale @ ftp . com>, big internet <big-internet @ munnari . oz . au>, firewalls <firewalls @ GreatCircle . COM>
In-reply-to:	Your message of "Mon, 02 May 1994 15:04:31 PDT." <9405021504 . ZM16049 @ yeager . corp . sgi . com>
Reply-to:	endrizzi @ phantasm . sctc . com

In message <9405021504 .
 ZM16049 @
 yeager .
 corp .
 sgi .
 com>, Eliot Lear writes:
>I think it's important to stress that network level security is in
>some sense orthoganol to application layer security.  Used today,
>network layer security provides end to end privacy to the network
>code.  It does you no good to have that privacy if the hosts on
>either end leak like sieves.
>

amen brother.

Besides, if something is encrypted don't waste your time breaking
the crypto but go after the keys. Keys are kept by application
level programs protected by Unix permission bits.....wow.
(According to Garfinkel and Spafford "Practical Unix Security"
footnote page 282, this is a big problem with Kerberos)

					dreez

References:

Re: NATs
From: lear @ yeager . corp . sgi . com (Eliot Lear)

Indexed By Date	Previous:	List of proxy daemons From: Tim Lentz x3255 <lentz @ imsl . com>
Indexed By Date	Next:	Re: Router advice needed From: Steve Kennedy <steve @ gbnet . org>
Indexed By Thread	Previous:	Re: NATs From: lear @ yeager . corp . sgi . com (Eliot Lear)
Indexed By Thread	Next:	Add to mail list for firewalls. From: Gary L Morris <Gary_L_Morris @ ccm . al . intel . com>