
List:       focus-sun
Subject:    Re: Unprotected Suns (was: RE: cachefsd)
From:       Gerhard den Hollander <gerhard () JASON ! NL>
Date:       2000-04-13 18:44:34

fROm James Ellis (on Thu, Apr 13, 2000 at 02:30:12PM -0400):

> The threats and risks that our computers and networks face are,
> thankfully, quite different from those most of us face at home.
> So it is appropriate that different protections are needed.

You are absolutely right.

>> I just made sure I told them the story of bluebeard, and then I told them
>> about the one room in the house they are not allowed to enter ;)

> Darren's single-sign-on observation is right on.  Even in your house
> it is not really the case that anyone who is allowed in the frontdoor,
> such as guests and young children, are allowed in any room in your house.
> You do want *and have* internal restrictions - it is just that for
> cost/user-interface reasons you choose to implement those by policy rather
> than technology.  A perfectly fine tradeoff to make for today's house,
> but I submit that in most cases today's computer technology and threats call for
> a different solution - single-sign-on interface if possible, but definitely
> strong authentication at every door.

You are absolutely right, and I may not have been clear enough when I
stated the above.

In my situation the only people who have access to the network are those
within the network.

There is no gateway to the outside world, and there is no way anyone from
the outside can get inside our network.

If we were to allow outside access to our network (which we don't) I'd
isolate the outside access to a set of machines in a perimeter network/dmz
and treat the machines outsiders have access to as being ``outside'',
put a firewall between those machines and the rest of the network, and make
sure that it is not possible to get from those outside machines through the
firewall onto the internal machines.




	Gerhard,  <@jasongeo.com>   == The Acoustic Motorbiker == 	
--
   __O	Big Brother is not watching us ....
 =`\<,	We are watching him
(=)/(=)		TV == Soma
