Re: saag whyenc draft (was RE: Security Gateways)

To: Joshua Tseng <jtseng@NishanSystems.com>
Subject: Re: saag whyenc draft (was RE: Security Gateways)
From: Theodore Tso <tytso@mit.edu>
Date: Wed, 8 Aug 2001 06:29:58 -0400
Cc: "'Williams, Jim'" <Jim.Williams@emulex.com>, "'Black_David@emc.com'" <Black_David@emc.com>, ips@ece.cmu.edu
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <B300BD9620BCD411A366009027C21D9B5BADD2@ariel.nishansystems.com>; from jtseng@NishanSystems.com on Tue, Aug 07, 2001 at 12:18:04AM -0700
References: <B300BD9620BCD411A366009027C21D9B5BADD2@ariel.nishansystems.com>
Sender: owner-ips@ece.cmu.edu
User-Agent: Mutt/1.3.15i

On Tue, Aug 07, 2001 at 12:18:04AM -0700, Joshua Tseng wrote:
> And despite all the touted advantages
> of the pure end-to-end security model, do we have any experience
> with it? I think not.

Actually, quite a few organizations have had a lot of experince with a
pure end-to-end security model.  Try just about any university, which
simply can't run with firewalls because every single professor has
collaborative research projects with so many folks at other
organizations that a firewall would be pointless (there'd be so many
holes in the firewalls that you might as well not bother).

> One immediate consequence I can think of is that iSCSI devices will
> not be able to leverage the services of a security gateway, unless you
> have distributed the encryption keys for your iSCSI session to that
> firewall.  And contrary to the negative things said about them,
> security gateways are, and IMO will continue to be, an important
> component to any enterprise's security infrastructure for the forseeable
> future.  They are a bottleneck for all traffic entering the network,
> making it much easier for the administrator to monitor security threats
> to that network, since he only has to monitor his few security gateways,
> instead of each of his 1000's of hosts.

... and when someone takes their infected Windows 2000 laptop back
behind the corporate firewall, viruses such as Code Red generally
rampage completely out of control, since people behind the firewall
get careless and assume that they don't need to worry about security
or applying the latest security patches or service packs behind the
firewall.

This has happened to at least three companies, according to reports
from IETF'ers.  One of them at last count hadn't been able to read
e-mail for the last 48+ hours because Code Red was disrupting the
internal network so badly that he wasn't able to get to his corporate
mail servers.

If you think that administrators only need to monitor the few security
gateways, in order to assure the security of the enterprise, you're
beeing hopelessly optimistic.

That being said, no one is saying that security firewalls should be
thrown out; first of all, by saying that security should be mandatory
to implement, it gives the choice of whether or not the encryption
should be turned on to the user.  Mantory to implement != manadatory
to use.  Secondly, defense in depth is important.  

Even behind my corporate firewall of my company, I maintain my
personal machines as if there were no firewall, and use encrypted
connections for everything.  This meant that after we got badly
attacked by hackers who were able to pierce the corporate firewalls, I
wasn't affected.  However the naive folks who assumed they didn't need
to worry about security because the firewall would protect them were
very badly affected indeed.

							- Ted

References:
- RE: saag whyenc draft (was RE: Security Gateways)
  - From: Joshua Tseng <jtseng@NishanSystems.com>

Prev by Date: Re: iSCSI: draft 7: remove S bit and Status field from the Data-in PD U?
Next by Date: Re: Task Management Response
Prev by thread: RE: saag whyenc draft (was RE: Security Gateways)
Next by thread: RE: saag whyenc draft (was RE: Security Gateways)
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:04 2001
6315 messages in chronological order