Firewall Wizards mailing list archives
Re: General security question
From: "daN." <dan () nesmail com>
Date: Tue, 14 Nov 2000 05:54:34 -0800
At 04:29 PM 11/12/00 -0500, George Capehart wrote: <snip>
The advantage of using the drop box is that it is a destination over which the sender has some control and confidence in the security of. The sender will only put data to it, so it never has to worry about the security of inbound connections. The receiver is only allowed to pull data from it, so theoretically, the sender is the only source of data for it. If the sender encrypts and signs the data it puts there, the receiver can verify the integrity and confidentiality of the data as well as the identity of the source. If the signature can't be verified or the payload cannot be decrypted, the data can be discarded and a retransmission requested.
<snip>
The only issue I have with drop boxes is that now you have 3 components instead of 2; the more components you add to your security system, the more difficult it is to ensure that all components are equally secure. The weakest link in the chain thing... In some very special cases where a lot of dollars are involved, a drop box is ideal because you are almost completely isolating the two networks from each other; however, if the receiver finds scp an acceptable security risk into their network, you as the sender are not making your system much more vulnerable by sending to a host inside their network than by sending to a host in your own DMZ. Both other networks could potentially be rooted and/or malicious, but the solution is much simpler and therefore less likely to break if not constantly monitored. It's really a risk management decision, and like House Insurance should be based on how much value you are trying to protect, and how much it would cost you to lose it.
daN.
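The receiver-side check from the quoted drop-box passage (pull, verify, discard and ask for retransmission), as an added example that is not part of the original message. It assumes HMAC-SHA256 with a pre-shared key as a stand-in for the sender's signature and leaves encryption out; `seal`, `pull`, the key and the file names are hypothetical.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Assumption: a pre-shared key stands in for the sender's signing key.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal(payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: prepend an HMAC-SHA256 tag before putting to the drop box."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def pull(dropbox: Path, accepted: Path, key: bytes = SHARED_KEY):
    """Receiver side: pull each file, keep verified payloads, discard the rest.

    Returns (accepted_names, retransmit_names).
    """
    ok, retransmit = [], []
    for item in sorted(dropbox.iterdir()):
        blob = item.read_bytes()
        tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        # Constant-time compare; a truncated file with no full tag also fails.
        if len(blob) >= TAG_LEN and hmac.compare_digest(tag, expected):
            (accepted / item.name).write_bytes(payload)
            ok.append(item.name)
        else:
            retransmit.append(item.name)  # unverified data is never written out
    return ok, retransmit


def demo():
    """Constructed sample: one intact file, one tampered, one truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        dropbox, accepted = Path(tmp, "dropbox"), Path(tmp, "accepted")
        dropbox.mkdir()
        accepted.mkdir()
        (dropbox / "a.dat").write_bytes(seal(b"batch 1"))
        tampered = bytearray(seal(b"batch 2"))
        tampered[-1] ^= 0x01  # flip one payload bit while it sits in the drop box
        (dropbox / "b.dat").write_bytes(bytes(tampered))
        (dropbox / "c.dat").write_bytes(b"short")
        ok, retransmit = pull(dropbox, accepted)
        return ok, retransmit, (accepted / "a.dat").read_bytes()
```
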