[136898] in North American Network Operators' Group
Re: quietly....
daemon@ATHENA.MIT.EDU (isabel dias)
Sun Feb 6 09:46:42 2011
Date: Sun, 6 Feb 2011 06:45:45 -0800 (PST)
From: isabel dias <isabeldias1@yahoo.com>
To: Lee Howard <lee@asgard.org>, Owen DeLong <owen@delong.com>,
david raistrick <drais@icantclick.org>
In-Reply-To: <000101cbc608$769782b0$63c68810$@org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
sure ................

________________________________
From: Lee Howard <lee@asgard.org>
To: Owen DeLong <owen@delong.com>; david raistrick <drais@icantclick.org>
Cc: nanog@nanog.org
Sent: Sun, February 6, 2011 2:16:35 PM
Subject: RE: quietly....

> The end-to-end model is about "If my packet is permitted by policy and
> delivered to the remote host, I expect it to arrive as sent, without
> unexpected modifications."

Well, it's about communications integrity being the responsibility of the
endpoint. It is therefore expected that the network not mess with the
communication. See
http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

> Nobody wants to get rid of firewalls.

Several people want to get rid of firewalls. Consistent with the end-to-end
principle, hosts should provide their own policy enforcement. See expired
draft-vyncke-advanced-ipv6-security-01

Unfortunately, the approach described doesn't work in state-of-the-art
residential CPE, and relies heavily on endpoint security protection, which
is weak in most Internet hosts.

> We want to get rid of NAT. Firewalls work great without NAT and by having
> firewalls without NAT, we gain back the end-to-end model while preserving
> the ability to enforce policy on end-to-end connectivity.

I would rather see hosts protect themselves from badness, and network
security appliances be limited to protecting against network threats (a
DDOS is a network threat; a service DOS is an application threat).

> > NAT doesn't destroy end-to-end. It just makes it slightly more
> > difficult. But no more difficult than turning on a firewall does.
> > It doesn't break anything that isn't trying to "announce" itself - and
> > imo, applications that want to "announce" themselves seem like a pretty
> > big security hole.

Service discovery is an Internet weakness.

> NAT does destroy end-to-end. Firewalls do not.

Firewalls merely constrict it. Not that I advocate against the use of
firewalls; in fact, I think I'm agreeing with you, and extending the
argument a little further, that we should move from NAT to firewalls, then
from stateful firewalls to secure hosts and network security appliances.

Lee