Firewall Wizards mailing list archives

Re: Q on external router


From: Eric Vyncke <evyncke () cisco com>
Date: Fri, 24 Apr 1998 07:46:57 +0200

At 19:59 23/04/98 -0500, tqbf () secnet com wrote:
   Do not rely on switches because switches are not designed for
security.

     Based on that logic, there's just about nothing you CAN
rely on, except death, taxes, and sendmail bugs.

I don't think that's very fair. It seems obvious to me that some systems
have more attention paid to them for security (VMailer, for instance) than
others (like Sendmail). My confidence in VMailer is much greater than my
confidence in Sendmail, to the point where I'd be willing to consider
deploying VMailer in circumstances where Sendmail's lack of reliability is
prohibitive.

Same goes for switches and link-layer security.

Even more unfair... I agree with you regarding VMailer/Sendmail, but
I would compare Sendmail = hub and VMailer = switch. The former
has little security in it (let's assume that a hub is a very bugged
switch) while the latter has more security.

VMailer/switch are not secure enough to use them alone for security;
you use them with other devices, don't you?

I stop here because the smell of religious war is becoming apparent.

-eric


-----------------------------------------------------------------------------
Thomas H. Ptacek                                       Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf  "If you're so special, why aren't you dead?"

Eric Vyncke      
Technical Consultant               Cisco Systems Belgium SA/NV
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-75-312.458


