Firewall Wizards mailing list archives

RE: FW: CISCO PIX Vulnerability


From: Ted Doty <ted () iss net>
Date: Thu, 18 Jun 1998 09:42:12 -0400

At 01:27 PM 6/17/98 -0500, Rick Smith wrote:
At 01:51 PM 6/17/98 -0700, Hal wrote:

Gosh, I thought only NSA people argued like that. 

NSA people don't argue. They just issue you the crypto. If it doesn't solve
your problem, you have to either do the job unprotected or rearrange the
job to fit their architectural straitjacket. In Desert Storm, people
sometimes had to do without, since they couldn't always fit things into the
straitjacket.

This is why the military tactical radios come with a "Transmit in the
clear" switch.  When the general tells you to call in the airstrikes, he
doesn't want to hear "But sir, they're behind a NAT gateway and the AH MD5
checksum doesn't match."

In the commercial world we ought to be able to do better than that.

I don't think we'll always have that luxury.  There will be times that
policy will have to be overridden by appropriate authorities, and our
systems need to be able to support this.

I kind of think we're arguing the same thing, tho.

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE


