Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Frederick M Avolio <fred () avolio com>
Date: Tue, 08 Apr 2003 15:07:08 -0400
No one discussed the benefits of using an encrypted, authenticated tunnel (SSL, SSH, ...), which do provide additional controls. If I were developing/deploying a (presumably) distributed application *today*, I would begin with the assumption that I need stronger authentication than UIPW, message integrity, and message confidentiality. Many of the problems we struggle to correct today stem from the fact that we think of security as something orthogonal to application functionality rather than a core component/requirement.
Of course, encryption exacerbates the problem. :-) We can then gain a tremendously high level of assurance that Dave Piscitello did something over SSL to a particular IP address from a particular IP address. Which adds authentication and little else on top of the paragraph you cited:
"The real question is whether the tunnelling system provides _ANY_ security controls above and beyond ip/src/dest/logging."
Fred