[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Windows 2000 and Cicsco router interoperability
Glen Zorn wrote:
<trimmed...>
> Henry Spencer wrote:
>
> > Granted, if security isn't important to the customer, their security is
> > likely to be weak. But careful design by specifiers and suppliers can
> > have a big effect on *how* weak it is, both by avoiding gratuitous holes
> > and by influencing customer behavior in the right direction. Such
> > measures can considerably improve the odds that a cracker will pick on
> > somebody else. (Flu vaccination will not guarantee that you don't get the
> > flu, but it considerably improves the odds of getting only a mild case.)
>
> To continue your medical analogy (though I'm not sure how appropriate it
> is), if flu shots were as painful as rabies treatment, how many people would
> just take their chances w/the flu? My point here is that the entire purpose
> of xuth/mode config/etc. seems to be to create precisely the functionality
> already present in PPP (and by extension, L2TP).
>
Actually, I think the entire point of the various user auth proposals
are to create the minimal necessary and sufficient *subset* of the
functionality present in ppp and l2tp in order to enable secure remote
access.
Scott
Follow-Ups:
References: