IPSEC == end of firewalls

Ben adept at minerva.cis.yale.edu
Tue Jan 23 18:04:16 PST 1996 

Because this has Cpunks relevance in the use of crypto, I'm going to keep 
it on this list...

> remain relatively secure.  However, I am I'm not saying that adding
> firewalling capabilities would make the system invincible.  I *am* 
> saying that it would provide the system with more security than it 
> currently has and would help to reduce (not eliminate) some risks 
> associated with networking.  

But what does it mean to add 'firewalling capabilities' to an O/S?  By 
definition, a firewall is supposed to stop the spread of 'fire' by being 
the sole mechanism for the interchange of packets.

If you're referring to making a hardened OS that can protect itself 
through the use of well written code, memory protections, etc. then, yes 
by all means add it to your OS, but these shouldn't be luxuries in that 
they're thought of as 'firewalling' features.  Rather these things should 
be compulsory in the development of OS's.

> Of course, it would be terrific if the vendors would produce Operating 
> Systems which are secure AND usable.  (I think the market will eventually 
> demand this from vendors, but this probably won't happen in the next year 
> or two.)

Even if OS's could be secure(lets not get into Orange Book here) they 
would need constant updating.  Most users have problems printing, let 
alone installing patches and tweaking afterwards to deal with conflicts.  
And you can't expect IS to micromanage the corporation's entire fleet of 
machines.

This would be nice, and would be a good start, but like I said above, 
these things shouldn't be considered to be luxuries.  Rather they should 
be compulsory.  That doesn't mean that they will obsolete firewalls by 
any stretch of the imagination.

Ben.

(I'm starting to think Frank may have been right to move this to 
firewalls.  I think I'll crosspost this message too)
____
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman at suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume

More information about the cypherpunks-legacy mailing list