Firewall Wizards mailing list archives
Re: Defense in Depth to the Desktop
From: Chris Pugrud <cpugrud () yahoo com>
Date: Mon, 6 Dec 2004 08:08:02 -0800 (PST)
--- Magosányi Árpád <mag () bunuel tii matav hu> wrote:

> My mail client believes that Chris Pugrud wrote the following:
> > Overview
> > [one subnet for servers, one for clients, separated by a firewall]
> > In addition to the firewall, the client systems are fully isolated from each other by layer 2 controls (private vlans). The servers may be similarly isolated, but doing so is minimally effective and damaging to server to server communications.
>
> It is interesting to note that what you propose can be viewed as an example of the Bell-LaPadula model with two security levels.
This was recently pointed out to me, and I will be framing my academic writeup more along those lines. It would be more helpful if I can frame it in terms of Sandhu's SPM because of the decidable safety properties of SPM. It also doesn't hurt that Sandhu is my advisor. Thinking about the model in those terms adds to the vocabulary as well as making the analysis more interesting, but it will take me a few more months to really wrap my head around.
> There are questions regarding the scalability and the resource needs of such a setup.
> - How can you scale it to an intranet which has hundreds or thousands of subnets, with tens or hundreds of separate application servers geographically scattered? My answer would be using VPNs, which makes configuration and network usage more resource intensive.
> - What approaches could you use to minimize configuration overhead and network resource utilisation, especially on a large intranet?
You ask the immediately hard question, scalability in very large and complex organizations. The primary focus of the model is controlling access to the clients. If each location's client subnets are treated like protected enclaves with one-way access controls, everything else across the WAN can be treated generically. The most important thing to tightly control is the systems that are allowed to initiate access into the clients.
> You also seem to forget that there is a world beyond Microsoft, but this has little impact on the question.
Absolutely. Microsoft protocols are the bad actors that tend to break the standard client-server access model, that is, everything is client initiated. Most application protocols outside of Microsoft tend to be well behaved, documented, and predictable. It's important to note that the model is only viewed as a piece of the puzzle, filling the missing gap that I see between the perimeter and internal systems.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
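The one-way client-enclave policy discussed in this thread (clients may open connections to servers, nothing initiates into a client enclave except a short allowlist, and private VLANs keep clients from reaching each other), as an added Python model that is not code from the thread or its authors; the addresses and the management-host allowlist are constructed for illustration:

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed topology (assumed addresses, not from the thread): two locations'
# client enclaves, one server subnet, and the short list of server-side
# systems that are allowed to initiate connections *into* the client enclaves.
CLIENT_ENCLAVES = [ip_network("10.10.0.0/24"), ip_network("10.20.0.0/24")]
SERVER_NET = ip_network("10.0.1.0/24")
INBOUND_INITIATORS = {ip_address("10.0.1.10")}  # e.g. a patch/management host (assumed)


def zone(ip: IPv4Address) -> str:
    """Classify an address as 'client', 'server' or 'other'."""
    if any(ip in net for net in CLIENT_ENCLAVES):
        return "client"
    return "server" if ip in SERVER_NET else "other"


@dataclass
class EnclaveFirewall:
    """Stateful model of the one-way client-enclave policy."""
    flows: set = field(default_factory=set)  # one frozenset({a, b}) per accepted flow

    def decide(self, src: str, dst: str, syn: bool) -> str:
        a, b = ip_address(src), ip_address(dst)
        pair = frozenset((a, b))
        # Non-SYN packets are only valid as part of a flow we already accepted,
        # so replies from a server to a client pass without a separate rule.
        if not syn:
            return "ACCEPT" if pair in self.flows else "DROP"
        sz, dz = zone(a), zone(b)
        # Private VLANs: clients never reach other clients, even in the same enclave.
        if sz == "client" and dz == "client":
            return "DROP"
        # The normal direction: a client opens a connection to a server.
        if sz == "client" and dz == "server":
            self.flows.add(pair)
            return "ACCEPT"
        # Into a client enclave: only the explicitly listed initiators.
        if dz == "client":
            if a in INBOUND_INITIATORS:
                self.flows.add(pair)
                return "ACCEPT"
            return "DROP"
        # Server-to-server traffic is left alone; the model does not try to govern it.
        if sz == "server" and dz == "server":
            self.flows.add(pair)
            return "ACCEPT"
        return "DROP"
```

Because every location's client enclave is classified the same way, adding a new site means adding one prefix to CLIENT_ENCLAVES rather than writing site-specific rules, which is the generic treatment of the WAN the reply describes.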