'RE: [NTSEC] ActiveX, MSIE and Quicken'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: [NTSEC] ActiveX, MSIE and Quicken
From:       "Paul D. Robertson" <proberts () clark ! net>
Date:       1997-02-02 7:42:42
[Download RAW message or body]

On Sat, 1 Feb 1997, Russ wrote:

> To try and keep this on a Firewalls vein. The tunneling of anything over
> HTTP is, in my opinion, the crappy technology. That goes for Java
> applets or certificate authentication for that matter. I don't like the
> idea of combining diverse tasks within a single channel if its possible
> to avoid it, and it is possible, so the only reason its not being done
> is to USURP FIREWALLS.

Right, this is my whole problem with SSL.  SHTTP was better, though I'd 
prefer that the firewall be able to man-in-the-middle the crypto stuff in 
either case, so as to pass it through an application layer gateway.  
 
> administrator to really know what's happening where, and the sandbox
> can't be trusted enough to say you don't need to care what a Java applet
> it doing, IMO.

This is an issue with the implementation of the JVM though, which is 
certainly a better thing that straight object code.  It's more a 'lesser 
of two evils' situation.  I *could* see the JVM actually evolving into a 
trusted environment, or more properly, into a well-bounded untrusted 
one.  I can't see OLE ever doing the same, so I'd rather try to back the 
horse that I'd like to see win.

> So neither technology are THE answer. Both technologies are
> demonstrations of future technology which will become AN answer. Whether
> either survive, or some hybrid or completely different technology
> emerges as THE answer is still to be seen.

Which makes this the right time to be pressing for improvements in both,
which blocking by enough people will get addressed.  Certainly, the fact that
ActiveX was holding us back from authorizing IE as an approved browser 
got at least a preliminary answer from MS.  It's too bad they won't 
follow up on specific implementation deficiencies as quickly.

> Windows 95 and NT 4.0 both implement a model that make that easy and
> somewhat hidden (a shortcut accessed across a network share could easily
> install itself without any notification whatsoever).

This is true, and I think a number of companies are falling back to the
old military compartmentalization model, I know we certainly are.  The 
first order of business is to tighten down the interaction between the
'internal to the company' and the 'external to the company' zones, then 
the internal ones get the next set of restrictions.

> what's needed now is more emphasis on the environments security. Windows
> NT 4.0 represents, somewhat, the environment that all OLE-based
> platforms have to become. An environment where distributed computing is
> possible, but can also be implemented securely. But this discussion
> digresses into issues that shouldn't be debated here.

NT 4.0 is a start, but it certainly isn't the culmination of that evolution.

> Bottom line is that with so little interest by Firewall administrators
> in desktop security, their minds concreted in the idea that everything
> is going to be controlled at the company gates by the GateKeeper, its
> obvious that the Tunnellers will win and the GateKeepers will lose. With
> that goes the legacy systems that put bottlenecks on technology and
> innovation in favour of time-tested and proven security models. Fine,
> it'll work great for lots of implementations, but while those walls
> crumble and the GateKeeper continues to be assailed from his/her own
> charges, at some point the realization will hit them that desktop
> security and an integrated administration/security platform is the only
> model that can move forward with the technology.

The only way you can be proactive with desktop security is to control 
what runs on the desktop.  That's why it's important to get the 
developers listening now, and not to accept blind tunneling.

> is force the vendors to deliver the products that could do this. This
> doesn't translate to a call for NT Firewalls (although light 'em if you
> have 'em).

It certainly *shouldn't* translate to a call for NT firewalls, that's too 
much like in-band control of the phone switch.

> But if you think you can say that ActiveX is bad so take it way, you'll
> have to tell them to take away all your MS desktops as well. I'm sure
> many of you have been saying that for a while now, but the facts are in
> front of the majority of you and can be seen just by looking around your
> office.

$300 NCs would make that a viable alternative.  Too bad that's not a 
fiscal reality.  The fact is that most desktop users in a corporate 
environment don't *need* OLE, or most of the other bloat that comes with 
a desktop OS.  Most of them don't *need* the Internet either.  But I'm 
still not at a point where I'm ready to pack up my toys and go home.

With the right JVM, or with a JVM on the right hardware, Java can be 
well-bounded enough to be trustworthy.  There's a couple of years worth 
of work there, but it is possible.  I just don't see how you can do it, 
even with twice as long with OLE.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic