nanog mailing list archives
Re: VPN clients and security models
From: Valdis.Kletnieks () vt edu
Date: Tue, 28 Jan 2003 12:41:56 -0500
On Tue, 28 Jan 2003 11:52:39 EST, alex () yuriev com said:
> Welcome to the world of formal security models. If in theory a VPN is nothing more than a tool of extending the security policy of a site to a remote location, then it does not matter what kind of things you try to achieve with it, it *won't* work for anything other than extending a security model of a site to a remote location. Can one try to use it for something else? Sure, one can. It may even work for a little bit, as long as it does not contradict that security model.
Right. In the *formal* sense, this is correct. But that's not how things work out in the Real World. As I pointed out before, you have *USERS* involved, and they'll do stupid things like try to connect their laptop to the internet. And as I also pointed out, if the head of a TLA screws up and Gets This Wrong, why should we expect untrained, non-security-aware users to Get It Right? The problem is exacerbated by the fact that these mobile laptops are usually *NOT* configured like a kiosk, where the user is unable to make any changes.
> that site, then why are you not using the site mail server, or why does the VPN client let you not use it? If it does not enforce the site's security policy, then it is a BAD VPN client.
And when the VPN client isn't even running, what stops the user from changing the mail software config to fetch his mail from some other server like AOL or MSN or whatever? Remember - users do NOT care about security. Users care about finishing whatever task THEY are busy with, which is almost never security.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech