Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: ark () eltex ru
Date: Mon, 29 Jun 1998 20:07:28 GMT
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, "Brian Steele" <steele_b () spiceisle com> said :
Dynamic DHCP is _BAD_. I see no reason for anyone to use it.And why is it bad? Almost everyone I've spoken with suggest dynamic IP allocation for the PCs on our LAN, and the use of WINS/DNS for name resolving (MS's implementation of DNS uses WINS to determine the names associated with each PC, so there's really no need for static addressing).
Just because you can't use tools that monitor and control network access on IP address basis. ..and why is it good? Getting stuck with dirty hack like M$ DNS? WHY??? Why don't just use static addressing scheme?
Use static DHCP and enforce it with switching hubs and tools like arpwatch. That will provide much more control and monitoring features.A static addressing scheme will be a nightmare on our LAN, particularly as we're facing a potential IP renumbering exercise when our LAN is connected via TCP/IP to the other business units.
I don't see any problems with renumbering. I don't even see why dynamic DHCP makes it more easy.
Will I be able to move to another PC and continue to enjoy my privileged access to the Internet without any reconfiguration on the partofthe PC or the server, while another user is only allowed HTTP access to certain sites from my PC, based on his authentication level under NT,againall transparently?Are you _sure_ you _need_ that? Are you sure it is a good idea from the security viewpoint? I'd better not to allow such things.I'm firmly on the side of the one username/ one password security scheme for an internal LAN - otherwise moronic users (and the level of "moronity" seems to rise the further you go up in management, which tend to have access to more confidential information than the rank and file) who are assigned multiple usernames/passwords would tend to write them down or otherwise take note of them to remember them - BIG security risk.
a) It fails completely on geterogenous environments (out of 'dose world) b) you can't use any standard tools that deal with IP addresses c) i am sure it is mandatory not to perform sensitive operations on computer that does not conform security requirements - like some untrusted user's desktop machine. Should i tell why? Enforce physical security. And - for me - better security is much more important than operation trasparency - i'd say non-transparent operations are better because they give users chance to THINK what are they doing. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNZfz/6H/mIJW9LeBAQEMDQQApiclC+KGmxf8miBQrgsvT16LKtg5trvZ gq8jLo0G+Sw52egGxZyTJqGs0SYXsfaswdSUrw/vgU76lnCwmiSVzZOemUWyN0CQ F3J3zpkTd/Q5MySQ92HH21eZ6JQqMfkhCVNeqw131Jp1XpVixKII/QPGL0Atd8i0 x/qoi763Kmg= =62Ue -----END PGP SIGNATURE-----
Current thread:
- Re: Proxy 2.0 secure?, (continued)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 26)
- Re: Proxy 2.0 secure? ark (Jun 26)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 26)
- Re: Proxy 2.0 secure? Gillian Steele (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 26)
- Re: Proxy 2.0 secure? Brian Steele (Jun 28)
- Re: Proxy 2.0 secure? Rodney van den Oever (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- Re: Proxy 2.0 secure? John McDermott (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? NetSurfer (Jun 30)
- Re: Proxy 2.0 secure? John McDermott (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? Ryan Russell (Jun 29)
(Thread continues...)