Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: Proxy firewall questions
From: Brian Murrell <murrell @ bctel . net>
Date: Thu, 30 Nov 1995 09:16:06 -0800 (PST)
To: firewalls @ GreatCircle . COM, craigb @ ftp . com

> b)  Is it likely that firewall administrators will object if the user is 
> permitted to save their firewall password, in an encrypted form, in a 
> configuration file so that it is not necessary to enter the firewall 
> password for each connection that is established?

The purpose of a password can be twofold.  Firstly to allow only authorized use 
of the resource and secondly to have a reliable audit trail of access.  If you 
allow the user to "save" the password and the user's machine is then used for 
some sort of "unauthorized" use, can you reliably say that it was the user who 
saved their password that made the access?  My opinion is no.

If you force the user to use their password every time they connect then you can 
say one of three things:

1.  The user is responsible for the unauthorized access

2.  The user gave away their password (told it, wrote it down somewhere, etc.)

3.  The password was sniffed

If you can rule out #3 then the user is responsible and reprimandable for 1 and 
2.

b.

--
Brian J. Murrell                                 murrell @ bctel . net
BCTel Advanced Communications                    brian @ ilinx . com
Vancouver, B.C.                                  brian @ wimsey . com
604 454 5261

