> From genel@inforamp.net Sat Nov 2 12:59:24 1996
> Message-ID: <01BBC8D5.EF021160@ts21-06.tor.iSTAR.ca>
> From: Gene Lee <genel@inforamp.net>
> To: "kmeade@tcd.ie" <kmeade@tcd.ie>, "'Sunny Azah'" <sazah@ibu.sj.nec.com>
> Cc: "Firewalls@GreatCircle.COM" <Firewalls@GreatCircle.COM>
> Subject: RE: Remote admin. on FW's
> Date: Sat, 2 Nov 1996 15:52:54 -0500
> On Tuesday, October 29, 1996 1:29 PM, Sunny Azah[SMTP:sazah@ibu.sj.nec.com] wrote:
> >Encryption based upon DES or 3-DES is sufficiently strong.
> >The real questions are:
> >
> > 1) How good are the keys and how well are they created,
> > protected, and managed?
> >
> > 2) How strong is the authentication and how well does it
> > resist cracking and replay attacks?
> >
> > 3) Can it be spoofed (e.g. man in the middle attack)?
> >
> > 4) Is the risk associated with remote management worth
> > the convenience?
>
> Also add in:
>
> 5) How secure is the remote management client? X11 attacks on a remote management GUI will defeat the strongest encryption.
Good point. However, the problem encompasses more than
just X Windows security, but the total security of the administrative
machine. There are a number of other potential weak points
(e.g. NFS, poor passwords, crackable network services [e.g. sendmail]).
So, I agree with your point, but I would expand it to cover the
total security of the administrative machine.
> > --
> > Gene Lee
> > genel@inforamp.net
> > genelee@vnet.ibm.com
--
Regards,
--------------------------------------------------------------------------
Sunny Azah - sazah@ibu.sj.nec.com
Internet Business Unit, Home of the PrivateNet
NEC Technologies, Inc.
110 Rio Robles San Jose, CA 95134
Tel:(408) 433-2161 FAX:(408) 433-1230
http://www.privatenet.nec.com
--------------------------------------------------------------------------