IPSEC == end of firewalls

Ben adept at minerva.cis.yale.edu
Tue Jan 23 09:33:49 PST 1996


> functionality of most firewalls would eventually be an add-on application 
> option for Operating Systems and that eventually it will be a standard 
> part of every Operating System.  Until then, we have to punt & keep using 
> firewalls.  

I'm not so convinced that adding 'firewall functionality' to an OS is 
such a good idea.  The idea behind having a firewall is that 
	*	You have a hardened host that has been stripped of
		anything that could be used by an attacker to compromise
		other systems
	*	You have a single machine that serves as the sole port of
		entry into your domain.  By keeping your defense perimeter
		nice and small it makes it manageable to maintain.  

When you start trying to switch firewall functionality to an OS you lose 
both these advantages.  You no longer have a system that is stripped of 
compilers, scripting languages, etc., and you now have a much larger 
security perimeter.

Ben.
____
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman at suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume







More information about the cypherpunks-legacy mailing list