[e2e] IPV6 FIREWALLS
J. Noel Chiappa
jnc at ginger.lcs.mit.edu
Wed Jul 2 07:19:07 PDT 2003
> From: RJ Atkinson <rja at extremenetworks.com>
> this is merely the continuation of an existing widespread practice.
> ...
> End users actually LIKE this kind of setup. One imagines that they LIKE
> it in part because of successful marketing to sell them this kind of
> setup
I'm going to disagree with you there somewhat. I think organizations like
having a fairly powerful security perimeter that the organization has good
control over, for several reasons.
For one, depending on individual PC users to have all the very latest bug
fixes installed just doesn't work without fairly draconian levels of control.
For another, they want some non-discretionary access controls (e.g. ability
to block workers from wasting time on X-rated sites). Etc, etc.
The Internet architecture we foisted on the world had a really embreyonic
security architecture - well, actually, I'm being charitable, it didn't
really even have that much. We didn't really have a clue what people were
really going to need to do, much less provide any mechanisms that would allow
them to do that.
So it's no suprise that, not having given them any screwdrivers, they looked
around and picked up whatever hammers they could find, and started applying
them...
Noel
More information about the end2end-interest
mailing list