>
> Just as we had to move protection from the workstation/node level to the
> network/subnet (e.g. firewalls), transaction protection must also be
> moved.
> I am seeing a lot of whole keys on blue backgrounds these days...
>
Then again, one could argue that encryption puts the onus back
on the node where the encryption takes place and lets the
network do what it does best...communicate. One could also
argue that a firewall is nothing more than a restrictive
node in the communications path. (No, a router doesn't fit this
definition. The firewall has application knowledge and, sometimes, user
interaction.)

The firewall concept's main weakness is it assumes there is a trusted
and untrusted side. Reality is rarely this simple.

True, because of the insecure nature of some of today's services
(whether by poor design or misconfiguration), firewalls are necessary.
But I'd think that node to node encryption combined with strong
authentication (i.e. good passwords) would take care of most
technologically related security problems. The main challenge is
ensuring that the node can't communicate without these functions.

Gary Flynn
James Madison University
Security Neophyte