Great Circle Associates Firewalls
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Firewalls-Digest V4 #71
From: "marcus (m.d.) leech" <mleech @ bnr . ca>
Organization: Bell-Northern Research, Information Technology Division
Date: Mon, 30 Jan 1995 13:25:38 -0500
To: Firewalls%greatcircle . com @ bnr . ca
In-reply-to: <199501301708 . JAA17721 @ miles . greatcircle . com>
X400-content-type: P2-1984 (2)
X400-mts-identifier: [/PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/;bcars520.b.244:30.00.95.18.25.39]
X400-originator: mleech @ bcarh6dc . ott . bnr . ca
X400-received: by mta bnr.ca in /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 30 Jan 1995 13:25:51 -0500
X400-received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 30 Jan 1995 13:25:39 -0500
X400-received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 30 Jan 1995 13:25:38 -0500
X400-received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 30 Jan 1995 13:25:38 -0500 
-----BEGIN PGP SIGNED MESSAGE-----

> From:    rik @
 spirit .
 com at -smtp-
> Date:    1/29/95  9:36 AM
> 
> > What are the main advantages/disadvantages of using socks vs. a tis toolkit
> > based firewall (maybe a brief summary???)?
> 
> SOCKS is for internal clients, and doesn't include authentication.  You
> can wrap SOCKS with TCP Wrapper, but that approach (relying in an IP
> address for authentication) has been shown to be quite dangerous lately.
> FWTK includes an authentication server which works for connections from
> either inside or outside, and supports several varieties of one-time
> passwords.
There is work going on in the Authenticated Firewall Traversal Working Group
  of the IETF on a standards effort for SOCKS that includes support for
  strong authentication.

aft-request @
 unify .
 com gets you on the (lately not-very-busy) mailing
  list.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLy0vIKp9EtiCAjydAQErwwIAgcCNfl+Qnlp9H/ujWpBZJJ7hYHxL5mcF
YG/QDfU74vtqk/D10/SbbaQUoqRSKJFWOEjZONEenkM3tRqyOw23AA==
=2d40
-----END PGP SIGNATURE-----

--
Marcus Leech        |Any opinions expressed are mine.         |+1 613 763 9145
VE3MDL              | and not those of my employer            |+1 613 567 5484
mleech @
 bnr .
 ca       |                                         |
Indexed By Date Previous: Testing firewalls
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Next: Re: security issues and BGP routing
From: Paul Traina <pst @ cisco . com>
Indexed By Thread Previous: Re: Testing firewalls
From: aab @ cichlid . com (Andy Burgess)
Next: RE- Cleaning out compilers - Reply
From: Markly Dykeman <markly @ cor . cerfnet . com>
Google
 
Search Internet Search www.greatcircle.com