At 11:50 AM 12/11/96 -0800, you wrote:
>[snip]
>Let me make another statement:
>"If systems in a company's network use challenge/response authentication
>and password encryption for all connections (such as where NT is headed),
>there isn't justification for a firewall anymore. Traditional Firewalls
>are designed for UNIX environments where plaintext or unprotected
>applications live, such as telnet/ftp/smtp/popmail/xwindows."
>
>
>Bill Stout
>_______________________________________________________________________________
>Senior Systems Admin NT/Backoffice/Solaris/WWW-Db/Firewalls/Cisco/VM-UNIX/VMS
>Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
I seem to recall some well known author in the field saying that
A firewall is the _network's_ response to poor security in the host.
I don't recall him saying "UNIX".
My experience with DOS, Windows, Macintosh, VMS, MVS - anyhting that can talk
over a network - is that it warrants a firewall,
Not least of all becuase the firewall is the _single_ point of
interface/demarcation
between the network and the "other" (which could equally well be the hackers
in R&D,
not the Internet).
I can't see doors going away, even if theives can hack their way though
walls using chainsaws.
I can't see people taking locks off door and just using the door to keep out
rain and snow.
(Or sand in climates where you don't get rain & snow. )
Sorry, Bill, I feel bound to rise to your bait here.
/anton
----------------------------------------------------------------------------
Anton J Aylward | Security is not something that comes in
The Strahn and Strachan Group Inc | a self-contained box. It is an attribute
Information Security Consultants | of how you do business and as such
Voice: (416) 494-8661 | needs to be managed carefully.
Fax: (416) 494-8803 | - Karen Goertzel, Wang Federal Inc.
|
|
