Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tunnel vs open a hole

From: Frederick M Avolio <fred () avolio com>
Date: Tue, 08 Apr 2003 15:07:08 -0400


No one discussed the benefits of using an encrypted, authenticated
tunnel (SSL, SSH, ...), which do provide additional controls. If I were
developing/deploying a (presumably) distributed application *today*,
I would begin with the assumption that I need stronger authentication
than UIPW, message integrity, and message confidentiality. Many of
the problems we struggle to correct today stem from the fact that
we think of security as something orthogonal to application functionality
rather than a core component/requirement.
Of course, encryption exacerbates the problem. :-) We can then gain a tremendously high level of assurance that Dave Piscitello did something over SSL to a particular IP address from a particular IP address. Which adds authentication and little else on top of the paragraph you cited: 


"The real question is whether the tunnelling system provides _ANY_
security controls above and beyond ip/src/dest/logging."



Fred


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: