Firewalls: Re: "Firewalls are Bad"

Firewalls
(September 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: "Firewalls are Bad"
From:	mrm @ optigfx . com (Mike Murphy)
Date:	Thu, 1 Sep 94 12:19:36 PDT
To:	gwyn @ ARL . MIL
Cc:	Firewalls @ GreatCircle . COM, mrm @ sceard . com

>[...]
>I don't think the current suite of Internet protocols is anywhere
>near as secure as it ought to be (without losing legitimate services),
>however.  It is horrible that IP addresses cannot be trusted.   There
>needs to be foolproof authentication of *some* sort at these lower
>levels, if we are not going to have to implement security policies
>within nearly *every* protocol built on top of IP.  On the other hand,
>since there can be a security hole at any level, it would appear that
>every protocol that matters *will* need to perform its own authentication
>anyway.  Some of us in MCSB have been conducting research in this area
>and have devised a fairly general yet simple authentication scheme which
>could feasibly be implemented in a general program support library.
>

If I get it,

your point 1. IP not secure enough.
your point 2. evil that IP addresses can't be trusted.
your point 3. foolproof authentication required at low levels, e.g., IP.
your point 4. if not 3, then security required on every protocol above IP.
your point 5. regardless of 1-4, every protocol must provide its security.

I'll disagree with 1-4 and suggest that the _current_ state of IP
is OK. Let me explain by poor analogy and mixed metaphor before folks
yell :-)

Imagine that as a firewall is the "hard shell around the chewy center",
the packet is a marshmallow around a very hard nut, where that hard nut
is a strongly authenticated higher level protocol. I don't much care about
the marshmallow. I care that the nut is hard to crack.

What this might mean is that depending upon a firewall that does not take
into account the inherent insecurity in the current IP may lead to a very
false sense of security. Filtering by network, filtering by protocol, any
of that sort of filtering of the marshmallow might well be only superficially
useful security. Only if the nut and its contents are correct should the
firewall let through the contents of the nut. In either direction. In such
case the firewall is in fact a semi-permeable membrane.

I think. :-)

You willing to speak of the "fairly general yet simple scheme?"

--
Mike Murphy mrm @
 Optigfx .
 COM ucsd!optigfx!mrm  +1 619 625 3000 x 265
ALPHAREL        9339 Carroll Park Drive        San Diego, CA  92121
The opinions expressed above are mine and not those of my employer.

Follow-Ups:

Re: "Firewalls are Bad"
From: Brad Huntting <huntting @ csn . org>

Indexed By Date	Previous:	I still hate DNS.... From: mjs @ tiaa . org (marty shannon)
Indexed By Date	Next:	infilt-0.5 : firewall-style filtering for dp-2.3 (fwd) From: strick <strick @ yak . net>
Indexed By Thread	Previous:	Re: "Firewalls are Bad" From: Doug Gwyn (ACISD/MCSB) <gwyn @ ARL . MIL>
Indexed By Thread	Next:	Re: "Firewalls are Bad" From: Brad Huntting <huntting @ csn . org>