Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Cisco PIX
From: lists @ lina . inka . de (Bernd Eckenfels)
Date: Thu, 28 Nov 1996 06:10:30 +0100 (MET)
To: rjb @ calyx . net (Robert J. Brown)
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <Pine . BSF . 3 . 95 . 961127220021 . 19898A-100000 @ mojo . calyx . net> from "Robert J. Brown" at Nov 27, 96 10:08:55 pm

Hello,

> So PIX puts all of its trust in TACACS and Radius? If the authentication
> server runs on a different machine, that would mean the firewall trusts
> something. Having the firewall trust *ANYTHING* is bad bad bad.

I think it is actually a good idea to store NO authentication data on the
firewall. I don't see a problem with a trusted authentication server. Of
course this piece of hardware needs to be additionally secured and should be
on its own secure net. 

This is how more secure systems like SecurID or
Kerberos work. They all need a trusted Authentication Server.

Greetings
Bernd
--
  (OO)      -- Bernd_Eckenfels @ Wittumstrasse13 . 76646Bruchsal . de --
 ( .. )  ecki @ {inka . de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @ irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy

