> Bill Sommerfeld wrote:
> Denying external connectivity on a host-by-host basis is harder
> than it looks, because if any system with external connectivity
> at any layer is compromised, it can be used as a springboard to
> attack "internal" systems which the firewall allegedly protects.

This is a lot more complicated than being able to attack the system directly, and requires developing software that acts as a proxy to the internal system.

> Site-local addresses add complication and do nothing that a site
> couldn't do already by setting aside part of its address space to
> be blocked at a firewall.

This is untrue.

- With an RFC 1918 host behind a firewall, compromising the firewall is enough to grant that host outside access. Single point of failure.

- With a site-local only host behind a firewall, this becomes a double hack thing: you need to reconfigure the firewall _and_ reconfigure the host to give it a public IP.

Let's look at the following situation: The hacker can reconfigure the firewall and is using an OS vulnerability that allows him to read data from the hosts but not to reconfigure it.

RFC 1918 host: The hacker can freely copy the data.

Site-local only host: The hacker can _not_ copy the data (has to take extra steps).

> The belief that site boundaries will be configured correctly
> is equivalent to the belief that site boundary firewalls will
> be configured correctly.

What is the message here? Don't configure a firewall because it can eventually be configured incorrectly?

Why don't you post password lists and network diagrams while you're at it?

Michel.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
