>RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of
>setting up a firewall by tunneling any TCP/IP application over HTTP.
>
>
>
>Thanks,
>Robert Fowler

Look very carefully at the date of this RFC.

Serious question: is hassle necessarily a bad thing with respect to
firewalls? What if the security policy operates on the principle of
least privilege -- only granting those privileges and services where
there has been a very conscious decision that the user needs the
functionality?

Quoting from the RFC,
"To see how powerful the end-to-end model is consider the following
example. If Scott and Mark have a good idea and some implementation
talent, they can create an artifact, use it, and send it to their
friends. If it turns out to be a good idea these friends can adopt
it and maybe make it better. Now enter the Firewall: if Mark happens
to work at a company that installs a Firewall, he can't experiment
with his friend Scott. Innovation is more difficult, maybe
impossible. What business is it of an IT manager if Scott and Mark
want to do some experiments to enable them to better serve their
users? This is how the web was created: one guy with talent, a few
good ideas, and the ability to innovate."

Without making reference to the RFC date, is this model necessarily a
good thing when intellectual property rights, responsibility for
corporate IT resources, and the skill levels of Scott and Mark (i.e.,
do they know how to control unexpected aspects of their thing?) are
considered? Do Scott and Mark properly have the authority to decide
what will and will not serve their users?

I'm not suggesting that informal collaboration isn't essential in
research, including industrial research. But if network services are
mission critical, is it desirable that anyone can circumvent controls
on them, as long as they are "inside," or at least one of them is?
>
>We are told that talent creates its own opportunities. But it sometimes
>seems that intense desire creates not only its own opportunities, but its
>own talents.
>- Eric Hoffer (1902-1983 American Author & Philosopher)