Great Circle Associates Firewalls
(September 1995)
 


Subject: Re: Firewall off Mortal Kombat XIV
From: gary flynn <gary @ habanero . jmu . edu>
Date: Thu, 14 Sep 1995 10:48:17 -0400
To: firewalls-owner @ GreatCircle . COM, mjr @ iwi . com, sedayao @ argus . intel . com
Cc: firewalls @ GreatCircle . COM, hulveydb @ falcon . jmu . edu

> From: Ted Doty <ted @ kgbvax . network . com>
> 
> sedayao @ argus . intel . com (Jeffrey C. Sedayao) wrote:
> >  
> > > 	1) The notion of "network perimeter" will erode to the point
> > > 	where saying "protect all access into and out of your network"
> > > 	will be greeted with hysterical giggles. Right now when I
> > > 	say that many of my customers just look at me with a glazed
> > > 	eyed expression as if to say, "pull the other one."
> >  
> > I agree.  It is getting easier and easier for holes to be punched
> > through a large corporate "network perimeter".  In my opinion (and
> > unfortunate experience), insiders are probably the ones who will do 
> > the hole punching. 
> 
> Not necessarily.  Given the frequency of hacked phone switches, the
> security of an internal (say) Frame Relay wan is pretty suspect.  But
> insiders don't need to phreak to sniff the net.  You're right, tho ...
> the personnel department gets hacked much more often by insiders than
> by outsiders.
> 
> All in all, the "hard crunchy shell around the soft chewy center" is looking
> more and more like the Maginot Line.
> 
> > 2.  Individual applications and hosts will become more hardened and
> > secure.  For old applications, small individual sized "firewall-wrappers"
> > will become available.
> 
> At the risk of being Yet Another Security Pinhead, this is the Wrong
> Thing To Do.  If we think that the number of clueless boneheaded application
> developers is much larger than the number of clueless boneheaded kernel
> developers, then The Right Thing To Do is to put general security hooks in
> the kernel.
> 
> I'm fairly optimistic about something like IPSec combined with TCP wrappers;
> IPSec prevents anonymity, and the wrappers give you a modicum of access
> control.  Let's fix it once (at the common - i.e. IP level), rather than
> having a million RFCs for "Privacy Enhanced Gopher".
> 

Isn't this what SecureWare's Hannah product does?

Can someone point me to a site that can tell me the progress of IPv6...
both the protocols and implementations?

thanks,

Gary Flynn
James Madison University
