1996-01-24 - Re: IPSEC == end of firewalls

Header Data

From: Ben <adept@minerva.cis.yale.edu>
To: cypherpunks@toad.com
Message Hash: aa3973ec705a2e9de96b9d26d24ea03ea3e26e006802aa4cf63be2a4151bcb0d
Message ID: <Pine.SOL.3.91.960123184450.22387D-100000@minerva>
Reply To: <9601232016.AA22238@su1.in.net>
UTC Datetime: 1996-01-24 02:04:16 UTC
Raw Date: Wed, 24 Jan 1996 10:04:16 +0800

Raw message

From: Ben <adept@minerva.cis.yale.edu>
Date: Wed, 24 Jan 1996 10:04:16 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232016.AA22238@su1.in.net>
Message-ID: <Pine.SOL.3.91.960123184450.22387D-100000@minerva>
MIME-Version: 1.0
Content-Type: text/plain


Because this has Cpunks relevance in the use of crypto, I'm going to keep 
it on this list...

> remain relatively secure.  However, I'm not saying that adding
> firewalling capabilities would make the system invincible.  I *am* 
> saying that it would provide the system with more security than it 
> currently has and would help to reduce (not eliminate) some risks 
> associated with networking.  

But what does it mean to add 'firewalling capabilities' to an O/S?  By 
definition, a firewall is supposed to stop the spread of 'fire' by being 
the sole mechanism for the interchange of packets.

If you're referring to making a hardened OS that can protect itself 
through the use of well written code, memory protections, etc. then, yes 
by all means add it to your OS, but these shouldn't be luxuries in that 
they're thought of as 'firewalling' features.  Rather these things should 
be compulsory in the development of OS's.

> Of course, it would be terrific if the vendors would produce Operating 
> Systems which are secure AND usable.  (I think the market will eventually 
> demand this from vendors, but this probably won't happen in the next year 
> or two.)

Even if OS's could be secure (let's not get into Orange Book here) they 
would need constant updating.  Most users have problems printing, let 
alone installing patches and tweaking afterwards to deal with conflicts.  
And you can't expect IS to micromanage the corporation's entire fleet of 
machines.

This would be nice, and would be a good start, but like I said above, 
these things shouldn't be considered to be luxuries.  Rather they should 
be compulsory.  That doesn't mean that they will obsolete firewalls by 
any stretch of the imagination.

Ben.

(I'm starting to think Frank may have been right to move this to 
firewalls.  I think I'll crosspost this message too)
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume





