In message <4e96ce51.7020...@riw.us> Russ White writes:
>
> > Should the applications be insecure and rely on a firewall?
> > (Microsoft advocated this in the 1990s and it has stuck to a large
> > extent). Or should the network be open and the applications secure?
> >
> > I'm strongly with you on this. The applications should take care of
> > any security that is necessary *for that application*.
>
> In other words, we should abandon door locks and make certain that
> anything you don't want stolen is individually secured --because only
> the device manufacturer could ever know how valuable it is, and how best
> to prevent it being stolen?

Following that analogy, the door locks built by certain OS vendors are
both flimsy and easily picked. And we should not enable tftp and point
it at the root directory and hope that some smart network appliance
will somehow firewall us.

> In your own words:
>
> > No. No. No.
>
> Security is layered in the physical world, and it should be layered in
> the network, as well. That I argue for a default "domain based" posture,
> where all machines within a given "domain" are all fully reachable, but
> those outside the "domain" are not reachable unless specific actions are
> taken to make them reachable, doesn't mean I don't think individual
> computers need security at all, or that all security should rely on the
> firewall.
>
> "All security must be on the firewall or in the applications" is a false
> dichotomy.

Ideally the firewall should be unnecessary. In some cases a firewall
is out of the question. For example, a router cannot rely on sitting
behind a firewall. That is not to say that packet filters at the
border don't serve as a valuable denial of service protection against
pure traffic based attacks.

Firewalls more often get in the way than do any good. They also give
a false sense of security which results in the occasional "our LAN is
currently swamped as a result of the latest virus run amuck on our
LAN" coming from IT.

> > Security is not a layer-2 function. Security is an application
> > function. You had it right the first time. Key exchanges and
> > certificates are not layer-2 functions.
>
> Security is an application function, yes. Security is also a network
> function, and security is a machine level function. All of these have a
> role to play in security.
>
> :-)
>
> Russ

The operations staff for the T3-NSFNET had no firewall and was
security audited by some of the best in the field. Of course we did
not allow the use of a PC with Windows in operations. No such thing
could sit on the same subnet.

Another division in ANS that relied on a firewall was the only part of
the company that even had to have all computers taken down and
scrubbed before they could be used again. [Requirement at that time
of having certain government customers]. Every computer had to be
physically removed, rebooted from other media, backed up, reinstalled,
user files restored from a backup prior to the breach, and returned to
the rack or the user's desk. Users had to fetch any lost work from
the backups and were supposed to insure that no changes were made to
recovered source code. Sound painful and costly? It was!

Network protection of insecure host applications is false security.
It takes just one host breach to compromise the whole internal
network. I've seen it first hand many times. [not quite first hand
since my computers never relied on a firewall for security but a few
times on the corporate LAN they were sitting on.]

IPSEC also got it wrong. The application really is the right place
for security. :-)

btw- Anti-virus software is a cruel hoax. [that someone makes money
on] :-)

> > It is entirely possible that the same computer has pictures of Grandma
> > that I'm OK with you seeing and has a printer hanging off it that I
> > don't want anyone in the world to be able to print on. Same MAC
> > address. So that can't be a layer-2 function.
> >
> > And port filtering at a firewall is a lame excuse for security. The
> > bug in relying on a firewall in an enterprise (a little less so for a
> > home) is that once any one user downloads malware, that malware has
> > access to everything behind the firewall largely because of the
> > assumption that security is not needed because there is a firewall.
> >
> > Let's not enshrine the dumbest practices of the IT world.
> >
> >> I think homenet should focus on L3. (and be clear on what it expects
> >> from the other layers with regards to security).
> >>
> >> cheers,
> >> Ole
> >
> > Curtis

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet