Firewall Wizards mailing list archives

Re: Aside from Firewall ..


From: Crispin Cowan <crispin () cse ogi edu>
Date: Wed, 14 Jul 1999 00:48:05 -0700

Thomas Crowe wrote:

I would say that the only reason for Digital Cert. based
authentication or VPN encryption is if you are communicating over a
"public" network. IOW If there is ANYONE else on the wire that should
not see the transmissions then by all means encrypt the transmissions
AND require secure authentication. However if the circuit is direct
point to point between 2 trusted networks, then it is really a waste
of time, money, and other resources.

Except that all wires that leave your desktop should be considered
"public", because there is no physical way to detect whether someone has
tapped the wire.  This is especially true if the wire leaves your
building, or if the wire goes into a closet that's shared with other
organizations.

Since you have no way of determining that you're being tapped, the
expense of protecting your privacy should be compared against the cost
of getting hacked.  Since SSH is free and convenient, I basically never
send any personal data anywhere without encrypting it.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
