|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsScott, If there is 'required to implement' security that is later found compromised by a man in the middle or through a spoofing mechanism, would such a mandate in the end ensure an open door for those familiar with this 'required to provide' security weakness? Could you recommend a security scheme that is safe from this type of attack? Could security mandates be limited to user authentication and authorization? Compression-Encryptions passes are computationally expensive processes that offer little benefit in many configurations. If there is a mandated security, cryptographic resources should be limited to authentication. Yes, I understand the present thinking is to have the SCSI device report authorization. This brings up the question, how does the SCSI device know and what scheme is it using. It would seem foolish to insist on a security mandate than then level such a major hole in allowing security management. Doug > John asks: > > That > > is, it could be acceptable to have a gateway box included in the must > > implement. > > how would this deal with the case where the "gateway box" is built into > a device? (i.e. no seperate gateway box) > > Scott >
Home Last updated: Tue Sep 04 01:05:34 2001 6315 messages in chronological order |