Firewall Wizards mailing list archives

Re: tunnel vs open a hole


From: Dave Piscitello <dave () corecom com>
Date: Tue, 08 Apr 2003 16:25:00 -0400

At 03:07 PM 4/8/2003 -0400, Frederick M Avolio wrote:

>Of course, encryption exacerbates the problem. :-) We can then gain a tremendously high level of
>assurance that Dave Piscitello did something over SSL to a particular IP address from a particular
>IP address.

This "opaque tunnel is worse than a cleartext channel" argument is tiresome.
If you qualify the argument with "ill-conceived deployment [of opaque tunnels]"
then I concede this is as perceptive a claim as "leaving a local console logged in
as root and unattended is A Bad Idea".

Odd, but I thought having a tremendously high level of assurance
that the identity at the client end of a tunnel is indeed Dave Piscitello
allows you to constrain what Dave is permitted to access and execute.
Encrypting the tunnel protects authentication and information exchange.

Yes, VPNs are imperfect extensions to an already imperfect (login) model.
They try to create as close a semblance to a "local session" UI as possible.
Isn't this a cost of distributed/mobile/extreme computing?

We *could* all go back to requiring client access from a physically secured
premise, to a glass-enclosed central computer. And of course we are now
so sophisticated with our biometrics that shy of "Mission Impossible"
calibre attackers, we are *assured* no unauthorized activity can take place.

My point is that in response to Anton's *original* posting, and Marcus' claim,
SSH/SSL/VPN is *one* more security measure/layer. The root cause
you and Adam identify as killing indictments of VPNs - compromised identities - is
an inherited problem, not one unique to VPNs.

Oh, yes, it is exacerbated by allowing tens of millions of people *promiscuous*
use of a global networking infrastructure. Sorry, I lost myself for a moment.


At 03:07 PM 4/8/2003 -0400, Frederick M Avolio wrote:

No one discussed the benefits of using an encrypted, authenticated
tunnel (SSL, SSH, ...), which do provide additional controls. If I were
developing/deploying a (presumably) distributed application *today*,
I would begin with the assumption that I need stronger authentication
than UIPW, message integrity, and message confidentiality. Many of
the problems we struggle to correct today stem from the fact that
we think of security as something orthogonal to application functionality
rather than a core component/requirement.


Of course, encryption exacerbates the problem. :-) We can then gain a tremendously high level of assurance that Dave Piscitello did something over SSL to a particular IP address from a particular IP address. Which adds authentication and little else on top of the paragraph you cited:

"The real question is whether the tunnelling system provides _ANY_
security controls above and beyond ip/src/dest/logging."


Fred



David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

