SG vs Sun

Phil Ronzone pkr at sgi.com
Thu May 3 15:39:39 AEST 1990


In article <9005010243.AA15404 at physics.phy.duke.edu> rgb at PHY.DUKE.EDU ("Robert G. Brown") writes:
>If one looks at the enumerated list above, it seems reasonable to
>conclude that we (as a University) cannot isolate our LAN by more than
>a "normal" gateway, and the gateway cannot/should not prevent
>telnet/ftp/smtp/rlogin/socket and so forth connectivity.  The gateway
>can (and will automatically) filter and route packets, sure, but
>unless you cram Maxwell's Daemon himself (maxwelld?) into the
>filtering algorithm you are not going to be able to tell a hacker
>telnetting in as "joe" from "joe" himself.  A packet is a packet.
>It's the contents that is the killer.
>
>Nor are you going to be able to fix the fundamental security hole in
>any public network -- anyone who is really good can tap the line
>directly and read your packets.  If they do that, only dual ended
>"scrambling" (encryption) is secure, and that carries a tremendous
>overhead.


Well, I understand your point, but I do not agree.

Any network has as one of the worst problems "authentication". Sending
passwords in the clear is not too smart, and traditional UNIX encryption
schemes have problems with either key distribution and/or safety of
the encryption algorithm.

Such things as public key technology for authentication schemes solve
these (and other problems).

Of course, the fact that such technology is not yet widely available
in most/almost-all UNIX'i is a problem for you ... :-)


--
+-------------------------------------------------------+---------------------+
| Philip K. Ronzone                 Manager Secure UNIX | WORK=(415) 335-1511 |
| Silicon Graphics, Inc. MS 9U-500                      |     pkr at sgi.com     |
| 2011 N. Shoreline Blvd., Mountain View, CA 94039      | FAX= (415) 965-2658 |


