On Wed, 6 Jun 2001, Steve Riley (MCS) wrote:
> If (as Jose mentions) we force strong machine-to-machine
> authentication, then the previous concern is moot: how can an attacker
> compromise a machine at all? Am I missing something basic here, or is
> it that simple? (No flames, please. :))
actually i think you're missing my intended point, or maybe i didn't make
it too clearly. in short, the strong authentication was for attaching the
client to the other end of the pipe, so not just anything is on that end.
the client machine can be attacked and subverted outside (ie before) the
VPN, insert a trojan and maliciously send an attack (or a query) down the
VPN pipe once the legitimate client has established the secured
connection. hence, i think that, once the end of the tunnel is emerged (ie
within the corporate DMZ or similar landing strip) a firewall and content
inspection system should be in place. agents placed on the target machines
(or in the VPN landing zone, using IPSec gateways) could serve as the IDS
sensors, eliminating the worry of 'the NIDS cannot decode the traffic as
it is encrypted'.
anyhow, this is probably growing stale. we're not going to settle this
debate here, but i think we've raised some interesting ideas and concerns.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)