Firewall Wizards mailing list archives
Re[2]: Firewalls/Internet Security - TNG
From: Rick_Giering_at_mpg003 () ccmailgw mcgawpark baxter com
Date: Wed, 10 Dec 1997 13:19:32 -0600
Author: "Wright; Steven" <SWright () v-one com> at Internet
Date: 12/9/97 2:18 PM

Edward Cracknell writes:
> So, firewall development is slowing/stopped. Intrusion detection is
> the future.....then where?

Marcus J. Ranum writes:
> Where next? I think that for security products to succeed, and for
> network/system management products to succeed, the two must become one.

I can do nothing more than ecstatically agree with MJR!!!!!

Steven R. Wright
Sr. Software Engineer
V-ONE Corporation
swright () v-one com

I think this is missing an important area, application and system level security. I know that the trend over the last 20 or so years has been to separate system, application, and network security. But, I believe this has resulted in problems like viruses, ActiveX, and the current abuse of http.

People have made a big issue of late that the network is the computer. If so, then you can't have network security separate from system security. If the network is the system, they are one and the same.

Next, almost all security abuses are application abuses. Why? Because 1) developers are busy writing useful and "cool" code and don't have much time for the security aspects of what they are doing (witness the rise of client/server non-firewall capable web server management products ala Frontpage) and 2) users don't care about the details (including security details); they just want the "cool" and useful apps those developers are developing.

In the end, developers will find a way around any security wall either through politics (wave enough money at a marketing type and he can do anything!) or by using existing paths for non-conventional uses (e.g. transporting software over http like Pointcast, ActiveX, Java, etc.). We haven't even talked about client/server apps that use RPC! I think they will be the next explosion as vendors produce tools that make DCOM over RPC braindead simple to implement.

My personal view is that security is a joke and will continue to be until applications and data merge. Then, there are no "applications," just smart data that can change and reconfigure itself. The network/system provides 1) a transport and place for the data to "run/exec" and 2) the means for authenticating users, systems, network interfaces, and the smart data's themselves. This smart data also contains all of its own security. This results in security no matter where the data resides and no matter how it got there (floppy, network, tape, email, etc.).

I know this view is pretty radical but I don't think anyone will implement it anyway. Comments?

Rick Giering

Note: These are my views and having to do with my employer.
Current thread:
- Firewalls/Internet Security - TNG Edward Cracknell (Dec 01)
- Re: Firewalls/Internet Security - TNG Ted Doty (Dec 03)
- Re: Firewalls/Internet Security - TNG Larry J. Hughes Jr. (Dec 03)
- Re: Firewalls/Internet Security - TNG Frank Willoughby (Dec 03)
- Re: Firewalls/Internet Security - TNG Marcus J. Ranum (Dec 08)
- Re[2]: Firewalls/Internet Security - TNG Edward Cracknell (Dec 09)
- Re: Firewalls/Internet Security - TNG Fred Donck (Dec 11)
- <Possible follow-ups>
- RE: Firewalls/Internet Security - TNG Safier, Adam (GEIS) (Dec 03)
- RE: Firewalls/Internet Security - TNG Wright, Steven (Dec 09)
- Re[2]: Firewalls/Internet Security - TNG Rick_Giering_at_mpg003 (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Rudolf Schreiner (Dec 12)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)