Great Circle Associates Firewalls
(March 1995)
 


Subject: Node based security (Was: Re: No Out-Of-The-Box Security)
From: horn @ mickey . jsc . nasa . gov
Date: Wed, 1 Mar 1995 09:23:23 -0600 (CST)
To: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson P.E. Information Security)
Cc: firewalls @ greatcircle . com
In-reply-to: <9503010239 . AA08458 @ uvs1 . orl . mmc . com> from "A. Padgett Peterson, P.E. Information Security" at Feb 28, 95 09:39:21 pm

padgett @ tccslr . dnet . mmc . com wrote:
>So my feeling is that the nodes really do not need any security except as
>a second line of defense (I like defense in depth - preferably three levels
>deep) because the problem packets should never reach the nodes if I have
>done my job properly.

Wow!  That's quite a statement.  I think that our network perimeter provides
us the lion's share of our security, but that doesn't mean that I don't make
node based security a priority.

Do all of you out there really put that much confidence in your firewalls that
you feel you could comfortably ignore the security of individual nodes?  To
the extent that just about any unix box can be a router and do SLIP/PPP, don't
I have to worry about a node creating another point of contact from the
Internet?  Or is that kind of awareness not considered node based security?

-- 
Mark Horn (sparkie)
EMAIL:  horn @ mickey . jsc . nasa . gov
WWW:    http://tommy.jsc.nasa.gov/~horn
