Thanks, Avi...great link. I'm going to cry "lazy" just this once...
Does your (or anyone elses) gear claim to be a host implementation of the
concept outlined in this paper?
At first glance there seem to be a _lot_ of problems lurking just under the
surface here and I hadn't noticed so much as an IETF working group...
I know we've all been saying this sort of stuff for a while but I hadn't
been aware that there was enough solid gear out there to start building a
network-as-firewall. (The Bellovin paper was good, thought provoking stuff
but it doesn't seem to outline any clear implementation ideas. That said, it
seems like we've got most of the building blocks now...Kerberos for strong
PKI based auth, IPSec, HW NIC support for some decent ciphers - with the AES
to make that even quicker. Policy management via LDAP...that makes it all
open standards and open sourceable)
Hm.
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Fogel, Avi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 19 May 2000 7:24 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Security in Distributed Systems
>
>
> Very good writeup in
>
> http://www.research.att.com/~smb/papers/distfw.html
>
> Avi
>
>
> ************************************
> Avi A. Fogel
> President and CEO
> Network-1 Security Solutions, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
