> From: Ted Doty <ted @
> sedayao @
com (Jeffrey C. Sedayao) wrote:
> > > 1) The notion of "network perimeter" will erode to the point
> > > where saying "protect all access into and out of your network"
> > > will be greeted with hysterical giggles. Right now when I
> > > say that many of my customers just look at me with a glazed
> > > eyed expression as if to say, "pull the other one."
> > I agree. It is getting easier and easier for holes to be punched
> > through a large corporate "network perimeter". In my opinion (and
> > unfortunate experience), insiders are probably the ones who will do
> > the hole punching.
> Not necessarily. Given the frequency of hacked phone switches, the
> security of an internal (say) Frame Relay wan is pretty suspect. But
> insiders don't need to phreak to sniff the net. You're right, tho ...
> the personnel department gets hacked much more often by insiders than
> by outsiders.
> All in all, the "hard crunchy shell around the soft chewy center" is looking
> more and more like the Maginot Line.
> > 2. Individual applications and hosts will become more hardened and
> > secure. For old applications, small individual sized "firewall-wrappers"
> > will become available.
> At the risk of being Yet Another Security Pinhead, this is the Wrong
> Thing To Do. If we think that the number of clueless boneheaded application
> developers is much larger than the number of clueless boneheaded kernel
> developers, then The Right Thing To Do is to put general security hooks in
> the kernel.
> I'm fairly optimistic about something like IPSec combined with TCP wrappers;
> IPSec prevents anonymity, and the wrappers give you a modicum of access
> control. Let's fix it once (at the common - i.e. IP level), rather than
> having a million RFCs for "Privacy Enhanced Gopher".
Isn't this what SecureWare's Hannah product does?
Can someone point me to a site that can tell me the progress of IPv6...
both the protocols and implementations?
James Madison University