On Sat, 29 May 1999, Marcus J. Ranum wrote:

> >just lost the high level of security.  Whoever wrote the original plug-gw 
> >started a downward trend in security that's rapidly becoming the
> >default.  
> 
> I take the blame for that, too. :)

I suspected as much :)

Plugboards are a good flexibility tool, the problem is that's the
antithesis of a good security tool.  It's been a pretty fair number of 
years since I installed my first plugboard - I'm *still* going through 
the "It isn't a proxy and I won't add one for <xyzzy>" argument every few 
months. 

> Proxy #0 was sendmail (!) :)  -- it was the sendmail configuration
>       on a box named "decuac.dec.com" that kind of triggered the
>       whole proxy idea...  It was all Fred Avolio's fault.

It's only right that Fred should be blamed for something ;)

> Plugboard security didn't really become the rage until Checkpoint
> came out, a couple of years later, though arguably Cisco routers
> had it all along. ;)

Between the fact that every damn item on the planet seems to _need_ 
Internet access now, and every luser seems to _need_ every braindead 
protocol in existence, I'm rapidly thinking it's time to go do something
different.  I'm making one last-ditch attempt to work on a scalable 
compartmentalized architecture.  If that doesn't work well, or the 
business case won't fly then it's probably time to leave some other 
schmuck with the firewall and let them deal with the inevitable 
compromises.  

It's like the virus thing all over again.  We can see it headed our way, 
but nobody seems to *want* to move out of the way...

</soapbox>

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
