Firewall Wizards mailing list archives
Re: Aside from Firewall ..
From: Crispin Cowan <crispin () cse ogi edu>
Date: Wed, 14 Jul 1999 00:48:05 -0700
Thomas Crowe wrote:
I would sat that the only reason for Digital Cert. based authentication or VPN encryption is if you are communicating over a "public" network. IOW If there is ANYONE else on the wire that should not see the transmissions then by all means encrypt the transmissions AND require secure authentication. However if the circuit is direct point to point between 2 trusted networks, then it is really a waste of time, money, and other resources.
Except that all wires that leave your desktop should be considered "public", because there is no physical way to detect whether someone has tapped the wire. This is especially true if the wire leaves your building, or if the wire goes into a closet that's shared with other organizations. Since you have no way of determining that you're beaing tapped, the expense of protecting your privacy should be compared against the cost of getting hacked. Since SSH is free and convenient, I basically never send any personal data anywhere without encrypting it. Crispin ----- Crispin Cowan, Research Assistant Professor of Computer Science, OGI NEW: Protect Your Linux Host with StackGuard'd Programs :FREE http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Current thread:
- Aside from Firewall .. C. K. Lung (Jul 12)
- Re: Aside from Firewall .. Joseph S D Yao (Jul 12)
- Re: Aside from Firewall .. Tina Bird (Jul 13)
- RE: Aside from Firewall .. Thomas Crowe (Jul 13)
- Re: Aside from Firewall .. Crispin Cowan (Jul 14)