[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC requirements
> From: Marcus J Ranum <mjr@tis.com>
> >If we could only get authentication widely deployed, we won't need
> >firewalls anymore.
>
> Unfortunately, this is dead wrong.
>
No, _your_ argument is dead wrong. "Hackers posting" means they can get
into your secure machine. If you are using IP Security, you might as
well be running a secure machine. If it's not secure, a firewall won't
save you.
The trust boundary is the trusted machine.
I don't care about unsecure machines. Let them die.
Since "trusting" IP Addresses requires "trusting" somebody else's
routing fabric, firewalls don't protect against anything but
maliciousness.
Bill.Simpson@um.cc.umich.edu