1996-01-23 - Re: IPSEC == end of firewalls

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Frank Willoughby <frankw@in.net>
Message Hash: 6b6e71e529c5438263b9cec09f80da01d4ea38edc90266f5b70e45d472b645d1
Message ID: <199601231530.KAA10525@jekyll.piermont.com>
Reply To: <9601231159.AA27033@su1.in.net>
UTC Datetime: 1996-01-23 16:12:52 UTC
Raw Date: Wed, 24 Jan 1996 00:12:52 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 00:12:52 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601231159.AA27033@su1.in.net>
Message-ID: <199601231530.KAA10525@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Frank Willoughby writes:
> While IP level security & authentication will go a long way to help 
> prevent abuses and reduce unauthorized accesses, I doubt if it will
> provide enough protection by itself.

I agree with this, but...

> o Node Spoofing will probably still be possible

Nope. It won't.

> o The connections will probably also be subject to man-in-the-middle attacks
>    (Never underestimate the creativity of people who want to compromise your
>    networks)

No, they won't be subject to such attacks any longer.

The real problem, as you noted, is that our applications aren't very
secure.

> I suspect even when firewalls are embedded in the O/S,

That would be somewhat meaningless. The point of a firewall, as others
here have noted, is that it is easier to secure one machine than five
hundred or ten thousand.

> IMHO, the first company to include a firewall as a standard part of their
> Operating Systems has a real good shot at increasing their market share.  

Again, somewhat meaningless, as a real firewall involves defense in
depth (screening routers, a bastion proxy host, etc.) and is more of a
configuration issue than an O.S. issue.

Perry




