> > JJ Behrens wrote: > > Michael, > > I am no security wizard. However, it seems to me that you are > > suggesting that site-local addresses add a small amount of > > security because there's no way to connect directly from the > > attacker's machine to the database machine. However, if the Web > > server has been compromised (which is a very reasonable proposition > > based on recent events), it seems just as easy for the attacker to > > mount his attack by first ssh'ing to the Web server, and then > > attacking the database server from there. > > I welcome your corrections if I have missed something. > > You have perfectly understood. The point I was trying to make is not how > easy or difficult it is to hack the web server, but that it is one extra > step that the hacker has to take. If the database server has no access > to the outside, the hacker needs to have enough access and skills to > install some kind of a proxy server that will read the data from the > database server to the web server, then send this data back to the > hacker. This is no easy task. > > In other words: Yes it is possible to copy data from a machine that does > not have access to the outside, but it does require skills that some > hackers do not have. Let's say you know Windows, but the server you > compromise is an obscure flavor of Unix. How much time is it going to > take you to understand how that system is configured, write the software > to proxy the data, compile it in a way that the host likes, install it, > etc. All of that without being caught. > > Granted, that will not stop a good hacker, but that will stop the > disgruntled employee that does not know jack but the passwords. > > I read somewhere that 80% of computer crime is committed by people that > are nowhere near what you would call a hacker but have insider's info. > If using SL keeps half of these 80% out, I'm more than happy with it. > > A significant part of securing a host or network is putting a large > number of roadblocks in the hacker's way. None of the road blocks are > impossible to pass, the goal is to get the hacker tired before the end. > I have to insist that a host that has direct access to the Internet > (such as an RFC 1918 host with NAT) is indeed less secure than a host > that does not (such as a v6 host with a SL address only).
Your point is valid. Now it remains to be argued whether the difficulties associated with SL's are worth this small increase in security. Personally, I feel that this small increase in security is not worth the extra work. However, it remains to be seen whether we can solve the renumbering problem (i.e. the use of SL's for longterm stable IP's). Best Regards, -jj -- Users of C++ should consider hanging themselves rather than shooting their legs off--it's best not to use C++ simply as a better C. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
