>> From firewalls-owner @ GreatCircle . COM Wed Mar 1 11:14:31 1995
>> From: horn @ mickey . jsc . nasa . gov
>> Subject: Node based security (Was: Re: No Out-Of-The-Box Security)
>> To: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson P.E. Information Security)
>> Cc: firewalls @ greatcircle . com
>> padgett @ tccslr . dnet . mmc . com wrote:
>> >So my feeling is that the nodes really do not need any security except as
>> >a second line of defense (I like defense in depth - preferably three levels
>> >deep) because the problem packets should never reach the nodes if I have
>> >done my job properly.
>>
>> Wow! That's quite a statement. I think that our network perimeter provides
>> us the lion's share of our security, but that doesn't mean that I don't make
>> node based security a priority.
>>
>> Do all of you out there really put that much confidence in your firewalls that
>> you feel you could comfortably ignore the security of individual nodes? To
>> the extent that just about any unix box can be a router and do SLIP/PPP, don't
>> I have to worry about a node creating another point of contact from the
>> Internet? Or is that kind of awareness not considered node based security?
>> --
>> Mark Horn (sparkie)
>> EMAIL: horn @ mickey . jsc . nasa . gov
>> WWW: http://tommy.jsc.nasa.gov/~horn
>>
I think the issue of how you control what goes onto your
network is a fundamental one. If someone you don't know
can plug his/her machine (say, to the wall plate) and be
on the network, all the bets are off.
A question: does your boss understand that?
Regards,
Tenna Sakai
Miles Research Center
(Soon to be Bayer Research Center)