
Re: IPSEC requirements



Charles Watt writes:
>With cryptographic protection at the network level providing peer-host
>authentication, data integrity and data confidentiality, you can extend
>your defense perimeter out over the unprotected networks to encompass
>all of those machines that you control or trust, wherever they may
>be.  This is a big win for any organization, or for any distributed service,
>that spans more than a single LAN.

	No arguments here! This would be a great step forward and
I don't think it'd surprise anyone to find out that TIS is working
quite actively on such technologies. :) We describe this as building
a "virtual network perimeter" -- you're extending your network
perimeter over untrusted networks; what's important is that you're
still not bringing those untrusted networks *into* your network.
In other words, you're still firewalled off from the world.

	Once there are good link-level integrity and encryption
tools available, we can start looking at the more complex problem
of how do you distribute trust to machines you don't necessarily
control (a real hard problem). I worry that some of the folks
reading this list are trying to solve the latter problem, and
that we may delay having something useful in our quest for
the very hard. Or worse, that we may focus on one technology and
fail to realize that it's only a small slice of a very tough
problem that needs to be solved across the board. That's what
Doug Gwyn was saying, basically.

	Just give me IP encryption and some integrity checking
and that's enough. All the authentication stuff is useless and
belongs at the application layer. No way in hell am I gonna
trust your kernel on a remote machine to authenticate a user.
Not until we have high quality host-based security. If I'm that
gullible, I may as well just use rlogin and "privileged ports."

mjr.

