[e2e] IPV6 FIREWALLS
Cannara
cannara at attglobal.net
Wed Jul 2 10:42:30 PDT 2003
Agree 100%. The mess we're in, securitywise, is due to the absence of thought
and appropriate action on the Internet Protocol Suite's security from day
one. The idea of requiring a network login, as commercial network protocols
for corporate purposes generally had, was an anathema to dominant Inet folks
for decades. As ye sow, so shall ye reap, is pretty much where we are today.
Alex
"J. Noel Chiappa" wrote:
>
> > From: RJ Atkinson <rja at extremenetworks.com>
>
> > this is merely the continuation of an existing widespread practice.
> > ...
> > End users actually LIKE this kind of setup. One imagines that they LIKE
> > it in part because of successful marketing to sell them this kind of
> > setup
>
> I'm going to disagree with you there somewhat. I think organizations like
> having a fairly powerful security perimeter that the organization has good
> control over, for several reasons.
>
> For one, depending on individual PC users to have all the very latest bug
> fixes installed just doesn't work without fairly draconian levels of control.
> For another, they want some non-discretionary access controls (e.g. ability
> to block workers from wasting time on X-rated sites). Etc, etc.
>
> The Internet architecture we foisted on the world had a really embreyonic
> security architecture - well, actually, I'm being charitable, it didn't
> really even have that much. We didn't really have a clue what people were
> really going to need to do, much less provide any mechanisms that would allow
> them to do that.
>
> So it's no suprise that, not having given them any screwdrivers, they looked
> around and picked up whatever hammers they could find, and started applying
> them...
>
> Noel
More information about the end2end-interest
mailing list