[4305] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Dennis Glatting)
Sun Feb 9 04:15:45 1997
From: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
Date: Sat, 8 Feb 97 22:59:42 -0800
To: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
cc: "Paul F. Haskell" <phaskell@skyserv1.med.osd.mil>, <www-security@ns2.rutgers.edu>
Reply-To: dennis.glatting@plaintalk.bellevue.wa.us
Errors-To: owner-www-security@ns2.rutgers.edu

> > In other words, they make stupid name choices. If an
> > organization is concerned about confidentiality, as you
> > suggest, I recommend they amend their security policy,
> > assuming they have one, and address the naming issue.
>
> I only ever put trust in a policy that is both auditable and
> regularly audited. The principle of security is that there is
> no such thing as paranoia.
>
> I cannot economically audit machine name choices. Nor is it
> necessarily a good thing to do so. If the Black project is known
> about in a company the best name for the Web server with
> information on it is probably black.foo.com. It is not a good
> thing however for outsiders to know that 128.34.xx.yy is the
> black.foo.com machine.
>
> I look for a security policy that is economic to implement. If
> you want to offer a facility to the outside world I want to see an
> economic case for that facility being made available and a cost
> code to charge the cost to.
>
To only trust a policy -- and infer only follow it -- if it is
economic is not a basis for good security.

> > Obviously there is good reason to place dynamic addresses into
> > DNS; otherwise, dynamic update would not be on the IETF's
> > agenda.
>
> That is generally for long leases on the IP address so that
> people with cable dialup can run Web servers from their home. In
> the longer term the idea is to drive the entire Internet from
> DHCP and avoid most of the tedious reconfiguration required.
> It also smoothes the path for IPng.
>
I'm confused. If the long term idea is to use DHCP across the
entire Internet, how will packets be routed? Wouldn't storing
route information for each address be a substantial drain on
the resources of each route point or increase a packet's size as
it traverses the Internet? How will a query be routed back in the
presence of link failure? If a destination of an e-mail message
is a host, e.g., a UNIX workstation, how will it reliably find
its way?

> At present however many people have systems where DNS lookup is
> simply irrelevant. Their machine has no individual
> personality and there is no need to give it a name. Indeed to do so
> is unnecessary.
>
> > Often internal DNS servers access external ones requiring a
> > return path. Packet filtering offers no protection from
> > spoofing or denial of service attacks against those servers.
>
> That's why I would have a DNS proxy on the firewall so that a
> denial of service attack was stopped dead at the moat so to
> speak. I would not make the internal lookup servers the same as
> the authoritative name servers and I would not make the
> authoritative name servers reachable from the outside world.
>
The DoS isn't stopped by a firewall. Perform a DoS against the
firewall or flood the data stream.

-dpg