[9511] in cryptography@c2.net mail archive
Re: New encryption technology closes WLAN security loopholes
daemon@ATHENA.MIT.EDU (Rick Smith at Secure Computing)
Wed Sep 26 16:01:19 2001
Message-Id: <4.3.2.7.0.20010926144329.020d8160@STPNTMX03.sctc.com>
Date: Wed, 26 Sep 2001 14:51:13 -0500
To: ji@research.att.com, cryptography@wasabisystems.com
From: Rick Smith at Secure Computing <rick_smith@securecomputing.com>
In-Reply-To: <200109242244.SAA19207@bual.research.att.com>
At 05:44 PM 9/24/2001, ji@research.att.com wrote:
>In increasingly many environments, the term "perimeter" makes little sense.
>See, for example, the CCS-2000 paper on Distributed Firewalls by Sotiris
>Ioannidis et al. You can get it (among other places) from
>http://www.research.att.com/~smb/papers/ccs-df.pdf

If anything, the concept of 'perimeter' becomes more important as you look
at distributed firewall architectures, since it becomes a lot trickier to
discern what it is you've really managed to protect. I've been trying to
craft a clear explanation of how/why it's hard to subvert the card-based
distributed firewalls we developed with 3Com, and the perimeter concept is
crucial to the argument.

In my own experience, the security perimeter(s) play an essential role
whenever I try to explain real-world weaknesses in systems. I find I'm
always drawing boxes (perimeters) around things in security architecture
diagrams I draw.

Rick.
smith@securecomputing.com roseville, minnesota
"Authentication" coming in October http://www.visi.com/crypto/