Newsgroups: comp.protocols.tcp-ip
Path: sparky!uunet!elroy.jpl.nasa.gov!ames!sgi!rhyolite!vjs
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Subject: Re: Firewall usage
Message-ID: <nsab848@rhyolite.wpd.sgi.com>
Organization: Silicon Graphics, Inc. Mountain View, CA
References: <Bs3vCz.K13@cs.columbia.edu>
Date: Tue, 28 Jul 1992 18:05:04 GMT
Lines: 106

In article <Bs3vCz.K13@cs.columbia.edu>, ji@cs.columbia.edu (John Ioannidis) writes:
> ...
> * A firewall is no excuse for lax internal security. To wit:
> - In a large organization, there are bound to be "bad guys" (either
> through malice, negligence, or sheer stupidity) inside the
> organization as well. No firewall is going to protect you against
> those.

True, but irrelevant. The only effective means to protect against bad
insiders are administrative. Technical solutions to administrative
problems are always less effective.

Most murders and non-sexual assaults are committed by people acquainted
with the victim. Do you conclude that you need dead bolts on your
bedroom doors? Must you sleep alone or with an awake, armed guard?
There is far more external network damage, and there are far more
external attacks, than internal.

Open networks are no fun to break. A "disgruntled employee" is not
going to "break into" a system to "erase critical files" if those files
are properly archived. Such a bad guy is not going to use the network
to get even, but will commit any of the many more familiar, easier
to commit, harder to detect forms of white collar crime. (You are
talking about criminal acts.)

"Security" does nothing to protect against negligence or stupidity,
because those who are acting stupid or negligent almost always have
all of the passwords, keys, and badges. It is reckless to
unnecessarily run as root, because of the danger of typos, but that
has nothing to do with "security."

Fascist internal security systems generally exist for internal political
reasons, to entertain and justify System Administrators. There are
development organizations where the programmers are not allowed to know
the root passwords of their workstations, but all such organizations I
have seen have been less than unproductive.

> - A firewall only protects you against *known* external threats.
>
> - If your internal network is insecure, you are vulnerable to anyone
> who can get physical access to it. Today this involves tapping
> ethernet cables, but tomorrow it may just involve dropping by with
> a laptop with a wireless interface. I have a vested interest in
> seeing wireless LANs take off -- I don't want them stifled
> because of security concerns.

Maybe you should find another vested interest, if your wireless stuff
requires that machines on local networks be protected.

> - Think of the Maginot Line.
>
> * The network should switch bits and enforce routing policies -- not
> cover up for insecure applications.

So, you have locks on your bedroom door, to protect you against your
relatives.

> * It should not be the job of the millions of system administrators to
> patch known holes -- the vendors should be doing that. There is
> simply no excuse for vendors shipping us insecure code. (Is it true
> that SunOS is still distributed with /etc/hosts.equiv containing a
> single '+'? Why do we still have login programs that only accept
> eight-character passwords, password files that are publicly
> readable, things like NIS that allow uncontrolled access to their
> information, etc? At least we don't get sendmail shipped with the
> debug option turned on any more.

So you think you can sell an obligatorily secure system? Like the SCO
C2 UNIX? Where the customer cannot run with open doors? Wrong.

Systems should come in the box with a reasonable amount of security.
That does not imply everyone must or should use it, or be required to.

> * Having firewalls reduces the urgency (that is, the pressure on the
> vendors) of patching those security holes. It's a vicious cycle.

Wrong. We vendors can fix holes since we generally have source for our
products, and we generally feel more pressure to fix holes for
customers than you can imagine, but we run with firewalls.

> * We've seen analogies such as putting locks on the front door rather
> than each individual room, and that it's perfectly acceptable
> capitalist behavior to put a firewall gateway in front of your
> network. I claim that this is far from being capitalistic; you're
> being communist inside, and hiding behind an Iron Curtain.

So, you have locks on your bedroom door, but not on your front door.
Well, from the stories I've read, that makes a certain amount of sense
for New York City.

> ...
> * Firewalls are an easy solution to a very real and very serious
> problem. My point, if a bit idealistic, is that we should *fix*
> the problem, rather than patch its manifestations.
>
> * Security, like good manners, starts at home.

Having good security available is not the same thing as being required
to use it. It is good that locks and safes are available for those
who need them. It would be bad and stupid to expect everyone to
use case-hardened bars on their first floor windows, just because
they are necessary in New York.

Vernon Schryver, vjs@sgi.com
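The quoted complaint about SunOS shipping /etc/hosts.equiv with a single "+" describes a trust file that accepts rlogin/rsh from every host. As an added illustration, not part of the thread and not vendor code, here is a small audit function an administrator could run against such a file to flag that wildcard entry. The file paths under the temporary directory and their contents are constructed sample input, not real system files.

```shell
#!/bin/sh
# Added example: audit an rhosts-style trust file (/etc/hosts.equiv or
# a user's .rhosts) for a "+" host field, which trusts every host.
# Returns 0 when no wildcard entry is present, 1 when one is found,
# and 2 when the file cannot be read.
check_hosts_equiv() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Drop comments, then report every line whose first (host) field is "+".
    # sed keeps line count intact, so awk's NR is the original line number.
    bad=$(sed 's/#.*//' "$file" | awk '$1 == "+" { print NR ": " $0 }')
    if [ -n "$bad" ]; then
        echo "$file: wildcard host entry trusts every host:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Constructed sample files (hypothetical contents) so the check runs offline.
tmp=$(mktemp -d)
printf 'trusted.example.com\nbuild.example.com root\n' > "$tmp/hosts.equiv.clean"
printf '# vendor default\n+\n' > "$tmp/hosts.equiv.open"

check_hosts_equiv "$tmp/hosts.equiv.clean" && echo "clean file: ok"
check_hosts_equiv "$tmp/hosts.equiv.open" || echo "open file: flagged"
```

The check only looks at the host field; a "+" in the user field of a two-field entry is a narrower trust that this function deliberately leaves to manual review.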