[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Windows 2000 and Cicsco router interoperability
Henry Spencer [mailto://henry@spsystems.net] writes:
> On Mon, 22 May 2000, Glen Zorn wrote:
> > Such assurances are unnecessary. In the final analysis, if security is
> > important to customers, they will buy secure products and configure them
> > correctly. If security isn't important to customers, no number of
> > 'standards-specified approaches' will have any effect.
>
> Real life is not so Boolean in nature.
Of course not. Perhaps I should have spent several thousand pages
describing the shades of gray between the poles but that approach is less
than effective as a rhetorical device.
>
> Granted, if security isn't important to the customer, their security is
> likely to be weak. But careful design by specifiers and suppliers can
> have a big effect on *how* weak it is, both by avoiding gratuitous holes
> and by influencing customer behavior in the right direction. Such
> measures can considerably improve the odds that a cracker will pick on
> somebody else. (Flu vaccination will not guarantee that you don't get the
> flu, but it considerably improves the odds of getting only a mild case.)
To continue your medical analogy (though I'm not sure how appropriate it
is), if flu shots were as painful as rabies treatment, how many people would
just take their chances w/the flu? My point here is that the entire purpose
of xuth/mode config/etc. seems to be to create precisely the functionality
already present in PPP (and by extension, L2TP).
<text deleted>
Follow-Ups:
References: