Firewalls: Re: Is DEC's SEAL as good as DEC claims?

Firewalls
(December 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Is DEC's SEAL as good as DEC claims?
From:	Marcus J Ranum <mjr @ tis . com>
Organization:	Trusted Information Systems, Inc. Glenwood, MD
Date:	Tue, 13 Dec 1994 22:31:22 -0500 (EST)
To:	wlosee @ Getty . Edu (Wulf Losee)
Cc:	firewalls @ greatcircle . com
In-reply-to:	<seedcc11 . 028 @ Getty . edu> from "Wulf Losee" at Dec 13, 94 04:29:08 pm
Phone:	301-854-6889

> Among other things the article claims: "For more than a decade,
> the Screening External Access Link, or SEAL, has kept Digitial Equipment's
> mammoth EasyNet completely impervious to outsiders".

	I guess they never heard of Kevin Mitnick?

	I'm not mentioning that to bash DEC's marketing, but to point
out one of the issues with respect to firewalls. Mitnick got into the
EasyNet via terminal servers initially, and pretty well infected the
whole network. It took a huge amount of effort to root him out. The
firewall had nothing to do with it, of course, since he broke in via
a different avenue into the perimeter. Moral: security must be consistent
around the entire perimeter.

mjr.
[As far as I know, SEAL hasn't been in existence for a decade.
Some of the ideas used in SEAL have, but the first SEAL was installed
about 4 or so years ago.]

References:

Is DEC's SEAL as good as DEC claims?
From: Wulf Losee <wlosee @ Getty . Edu>

Indexed By Date	Previous:	Drawbridge questions From: freeman @ MR . Net (Alex Li)
Indexed By Date	Next:	Re: Should loose source routing be enabled if not IPFORWARDING? From: John Hawkinson <jhawk @ panix . com>
Indexed By Thread	Previous:	Is DEC's SEAL as good as DEC claims? From: Wulf Losee <wlosee @ Getty . Edu>
Indexed By Thread	Next:	Re: Is DEC's SEAL as good as DEC claims? From: "Bryan D. Boyle" <bdboyle @ maverick . erenj . com>