Great Circle Associates Firewalls
(June 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Re[2]: US Justice Dept (Not really)
From: Jason Matthews <jason @ broken . net>
Date: Mon, 3 Jun 1996 05:16:25 -0700 (PDT)
To: Anton J Aylward <anton @ the-wire . com>
Cc: Rolf Weber <weber @ iez . com>, firewalls @ greatcircle . com
In-reply-to: <199606031023 . GAA05728 @ psyche . the-wire . com>

On Mon, 3 Jun 1996, Anton J Aylward wrote:

[snip]

> In that case the denial of service attack still applies, even though the
> store and forward nature of UUCP make penetration of your site completely
> impossible.

Nothing is for sure in this world and hacking into machines via UUCP
accounts is not unheard of. You would surprised how many open UUCP 
accounts one could find if one looked for them.

[snip]

> >you have to assume email to be insecure - in every case.
> >OTOH, you're surely right. this is the main reason why i wish to have
> >my email server under my control.
> 
> That mail _transmission_ is insecure is a bit of a myth.  
> Its _easy_ to read mail sitting in a box on the server, its diffucult to
> read packets in transit.

Your joking right? It's no harder to read a piece of email in transit 
than it is read a plaintext password. Sites are compromised every day by 
sniffing network traffic. What makes you think those interested in your 
daily affairs will stop with passwords?

[snip]

> >my main point was that you can avoid email-server-bugs which can
> >compromise your *whole* security by placing it outside.
> 
> No.  You're placing undue emphasis on "bugs" in the E-Mail server.  There
> are servers which are - at this level - bug free.  But you would still have
> a firewall.

I am not sure I am willing to make that assumption. History shows us that 
email services are the most insecure of all. To place this service on 
any machine intended to filter, restrict, or otherwise alter network
connections from foriegn networks is a mistake.

Jason


References:
Indexed By Date Previous: Re: Re[2]: US Justice Dept (Not really)
From: Rolf Weber <weber @ iez . com>
Next: RE: Raptor's Eagle Firewall
From: gary flynn <gary @ habanero . jmu . edu>
Indexed By Thread Previous: Re: Re[2]: US Justice Dept (Not really)
From: Rolf Weber <weber @ iez . com>
Next: Re: Re[2]: US Justice Dept (Not really)
From: Anton J Aylward <anton @ the-wire . com>

Google
 
Search Internet Search www.greatcircle.com