SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    Scott,
    
    If there is 'required to implement' security that is later found compromised
    by a man in the middle or through a spoofing mechanism, would such a mandate
    in the end ensure an open door for those familiar with this 'required to
    provide' security weakness?  Could you recommend a security scheme that is
    safe from this type of attack?
    
    Could security mandates be limited to user authentication and authorization?
    Compression-Encryptions passes are computationally expensive processes that
    offer little benefit in many configurations.  If there is a mandated
    security, cryptographic resources should be limited to authentication.  Yes,
    I understand the present thinking is to have the SCSI device report
    authorization.  This brings up the question, how does the SCSI device know
    and what scheme is it using.  It would seem foolish to insist on a security
    mandate than then level such a major hole in allowing security management.
    
    Doug
    
    
    
    > John asks:
    > > That
    > > is, it could be acceptable to have a gateway box included in the must
    > > implement.
    >
    > how would this deal with the case where the "gateway box" is built into
    > a device? (i.e. no seperate gateway box)
    >
    > Scott
    >
    
    


Home

Last updated: Tue Sep 04 01:05:34 2001
6315 messages in chronological order