At 11:50 AM 12/11/96 -0800, you wrote:
>
>Let me make another statement:
>"If systems in a company's network use challenge/response authentication
>and password encryption for all connections (such as where NT is headed),
>there isn't justification for a firewall anymore. Traditional Firewalls
>are designed for UNIX environments where plaintext or unprotected
>applications live, such as telnet/ftp/smtp/popmail/xwindows."
>
>Hmm. Maybe next-generation firewalls will need to look at application/
>RPC transactions that desktop/server PCs use instead of just network port
>number traffic.
>
>(opinin ping)
>
>
>Bill Stout
>_______________________________________________________________________________
>Senior Systems Admin NT/Backoffice/Solaris/WWW-Db/Firewalls/Cisco/VM-UNIX/VMS
>Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
>
Hmm.
I'm not sure I like the way this trend would eventually lead.
I thought the point of things like the OS was to centralise such isues as
access control. How will you guarentee the _application_ programmers will
code all
this correctly and not just write "plaintext, unprotected applications" ?
What's next? The application doing the expansion of wildcard charecters in
parameters?
Oh? What? VMS? CP/M? OS/8? ..... Sounds like codebloat to me.
----------------------------------------------------------------------------
Anton J Aylward | Security is not something that comes in
The Strahn and Strachan Group Inc | a self-contained box. It is an attribute
Information Security Consultants | of how you do business and as such
Voice: (416) 494-8661 | needs to be managed carefully.
Fax: (416) 494-8803 | - Karen Goertzel, Wang Federal Inc.
|
|
