Firewall Wizards mailing list archives

Re: Defense in Depth to the Desktop


From: Chris Pugrud <cpugrud () yahoo com>
Date: Mon, 6 Dec 2004 08:08:02 -0800 (PST)


--- Magosányi Árpád <mag () bunuel tii matav hu> wrote:

> My mail client thinks that Chris Pugrud wrote the following:
>> Overview
>>
>> [one subnet for servers, one for clients, separated by a firewall]
>>
>> In addition to the firewall, the client systems are fully isolated from
>> each other by layer 2 controls (private vlans).  The servers may be similarly
>> isolated, but doing so is minimally effective and damaging to server to
>> server communications.

> It is interesting to note that what you propose can be viewed as an
> example of the Bell-LaPadula model with two security levels.

This was recently pointed out to me, and I will be framing my academic writeup
more along those lines.  It would be more helpful if I can frame it in terms of
Sandhu's SPM because of the decidable safety properties of SPM.  It also
doesn't hurt that Sandhu is my advisor.  Thinking about the model in those
terms adds to the vocabulary as well as making the analysis more interesting,
but it will take me a few more months to really wrap my head around.

> There are questions regarding the scalability and the resource needs of
> such a setup.
> -How can you scale it to an intranet which has hundreds or thousands of
> subnets, with tens or hundreds of separate application servers
> geographically scattered?
>
> My answer would be using VPNs, which makes configuration and network
> usage more resource intensive.
>
> -What approaches could you use to minimize configuration overhead and
> network resource utilisation, especially on a large intranet?

You ask the immediately hard question, scalability in very large and complex
organizations.  The primary focus of the model is controlling access to the
clients.  If each location's client subnets are treated like protected enclaves
with one-way access controls, everything else across the WAN can be treated
generically.  The most important thing to tightly control is the systems that
are allowed to initiate access into the clients.

> You also seem to forget that there is a world beyond Microsoft, but
> this has little impact on the question.

Absolutely.  Microsoft protocols are the bad actors that tend to break the
standard client-server access model, that is, everything is client-initiated.
Most application protocols outside of Microsoft tend to be well behaved,
documented, and predictable.

It's important to note that the model is only viewed as a piece of the puzzle,
filling the missing gap that I see between the perimeter and internal systems.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
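The one-way enclave policy described in the thread, written out as a small stateful filter model so the rules can be checked against sample flows. This is an added example, not code from the original posts; the 10.1.0.0/16 and 10.2.0.0/16 subnets and the single permitted initiator 10.2.0.10 are constructed placeholders.

```python
import ipaddress
from typing import Tuple

# Constructed addressing for the example (not from the thread).
CLIENT_NET = ipaddress.ip_network("10.1.0.0/16")  # client enclave (private VLAN)
SERVER_NET = ipaddress.ip_network("10.2.0.0/16")  # server subnet
# Hypothetical: the only systems allowed to initiate connections INTO the
# client enclave. The thread's point is that this set must stay tightly controlled.
ALLOWED_INITIATORS = {ipaddress.ip_address("10.2.0.10")}


def zone(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip in CLIENT_NET:
        return "client"
    if ip in SERVER_NET:
        return "server"
    return "other"


def decide(src: str, dst: str) -> Tuple[bool, str]:
    """Policy for a NEW connection from src to dst (one-way access control).
    Return traffic of an allowed connection is handled by state tracking below,
    which is what makes the policy directional rather than symmetric."""
    sz, dz = zone(src), zone(dst)
    if sz == "client" and dz == "client":
        return False, "client-to-client blocked by private VLAN isolation"
    if sz == "client" and dz == "server":
        return True, "client-initiated access to servers"
    if sz == "server" and dz == "client":
        if ipaddress.ip_address(src) in ALLOWED_INITIATORS:
            return True, "explicitly permitted initiator into client enclave"
        return False, "server-initiated access into clients denied"
    if sz == "server" and dz == "server":
        return True, "server-to-server left open (isolating it breaks services)"
    return False, "unknown zone"


class ConnectionTracker:
    """Minimal stateful filter: a packet passes if it belongs to an
    already-established flow; otherwise only a SYN evaluated by decide() can open one."""

    def __init__(self) -> None:
        self.established = set()

    def packet(self, src, sport, dst, dport, syn: bool) -> Tuple[bool, str]:
        if (src, sport, dst, dport) in self.established or \
           (dst, dport, src, sport) in self.established:
            return True, "established"
        if not syn:
            return False, "no matching connection"
        ok, why = decide(src, dst)
        if ok:
            self.established.add((src, sport, dst, dport))
        return ok, why
```

Note that a server's reply packets (second assertion pattern in the test) are admitted only because a client opened the flow; the same server sending a fresh SYN into the enclave is dropped.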

