> So, what does the user want again?
> ------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org

The user (me) wants to have a set of rules in the firewall that are enabled only after the client (a user at some random IP address) has successfully used some form of two-factor authentication.

It would be nice to be able to configure a dedicated host as a firewall with a defined set of interfaces as public/private or internal/external and allow authenticated IP addresses to send packets from one side to the other. This leaves the rules invulnerable to spoofing during the time when no IP addresses have been authenticated. Also, this arrangement provides a level of flexibility such that "authenticated" users can come in from various address spaces without a priori knowledge of where said users are going to be.

The term "authenticated" can be debated, but it is meant here as:

    Distinct from any user on the Internet simply because they were able to know something and have something at the right time.

Often this has the desired effect of limiting a service from "any IP address" to "any IP address from which a user has authenticated".

Authenticating an IP address is a means of raising the bar and making the attacker work a little harder, but it is understood that if the attacker is also at the right place and time (e.g. on a multi-user system which has been authenticated) then the service which was inaccessible can now be accessed. The attacker in this scenario is forced to attack clients which authenticate to the firewall because the firewall simply drops all packets from non-authenticated IP addresses.

Some thought must also be given to how and when such rules are disabled. Various options might be available such as:

1. Strict time limit after initial authentication
2. Disable after specified time limit during which no traffic has traversed the filter.
3. Enabled/Disabled at a given time of day (2PM to 4PM PST)

I hope that clears up what I was thinking, but many words usually bring many troubles.

Dale

This message posted from opensolaris.org
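
The three disable options listed in the message above, modelled as a small default-drop gate. This is an added example, not part of the original post or of any OpenSolaris code; the class and method names are hypothetical, timestamps are assumed to be in the firewall's local time, and authenticate() is assumed to be called only after the two-factor check has succeeded.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass
class Policy:
    max_session: Optional[timedelta] = None      # option 1: strict limit after initial auth
    idle_timeout: Optional[timedelta] = None     # option 2: no traffic for this long
    window: Optional[Tuple[time, time]] = None   # option 3: enabled only in [start, end)

@dataclass
class AuthGate:
    policy: Policy
    # source IP -> [time of authentication, time of last permitted packet]
    entries: Dict[str, List[datetime]] = field(default_factory=dict)

    def authenticate(self, ip: str, now: datetime) -> None:
        """Record a source IP once its two-factor authentication has succeeded."""
        self.entries[ip] = [now, now]

    def permit(self, ip: str, now: datetime) -> bool:
        """Decide whether a packet from `ip` may cross the firewall at `now`."""
        entry = self.entries.get(ip)
        if entry is None:
            return False                          # default drop: never authenticated
        authed_at, last_seen = entry
        p = self.policy
        if ((p.max_session is not None and now - authed_at > p.max_session) or
                (p.idle_timeout is not None and now - last_seen > p.idle_timeout)):
            del self.entries[ip]                  # expired: must authenticate again
            return False
        if p.window is not None and not (p.window[0] <= now.time() < p.window[1]):
            return False                          # rule disabled at this time of day
        entry[1] = now                            # permitted traffic resets the idle timer
        return True

if __name__ == "__main__":
    # Constructed sample: documentation-range address, 2PM to 4PM window.
    gate = AuthGate(Policy(timedelta(hours=1), timedelta(minutes=10),
                           (time(14, 0), time(16, 0))))
    t0 = datetime(2024, 1, 1, 14, 0)
    print(gate.permit("203.0.113.7", t0))                          # before authentication
    gate.authenticate("203.0.113.7", t0)
    print(gate.permit("203.0.113.7", t0 + timedelta(minutes=5)))   # within all limits
    print(gate.permit("203.0.113.7", t0 + timedelta(minutes=30)))  # idle too long
```
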