1996-01-23 - Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)

Header Data

From: “Dave Emery” <die@pig.die.com>
To: perry@piermont.com
Message Hash: 83336f79eb864512c6d5e7f6fcabbdd4d101c0fa987862ebd61815664d71f025
Message ID: <9601230342.AA04490@pig.die.com>
Reply To: <199601230207.VAA08601@jekyll.piermont.com>
UTC Datetime: 1996-01-23 03:59:31 UTC
Raw Date: Mon, 22 Jan 96 19:59:31 PST

Raw message

From: "Dave Emery" <die@pig.die.com>
Date: Mon, 22 Jan 96 19:59:31 PST
To: perry@piermont.com
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230207.VAA08601@jekyll.piermont.com>
Message-ID: <9601230342.AA04490@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Perry writes...
> 
> can get rid of the firewalls. I, for one, don't -- they are there
> largely because people don't trust that their networking software is
> free of security holes, and cryptography doesn't fix security holes
> for the most part.

	Perhaps I'm naive, but I've always understood that one of the
primary functions firewalls accomplish is insulating from most easy
attacks large numbers of random machines in an organization that may not
be all perfectly administered, 100% under control of competent
security-wise users, and configured correctly for maximum security with
all the latest revs of stuff.

	Seems unclear that IP level security and authentication will
totally eliminate the problems caused by buggy software and 
clueless or careless users, or overloaded security staffs who
don't have time to update everybody and check everything immediately
on networks with thousands of machines.

	Having one or two machines to keep secure instead of thousands
seems like a big win.

						Dave Emery





