Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Re: tunnel vs open a hole
From: Frederick M Avolio <fred () avolio com>
Date: Tue, 08 Apr 2003 15:07:08 -0400


No one discussed the benefits of using an encrypted, authenticated
tunnel (SSL, SSH, ...), which do provide additional controls. If I were
developing/deploying a (presumably) distributed application *today*,
I would begin with the assumption that I need stronger authentication
than UIPW, message integrity, and message confidentiality. Many of
the problems we struggle to correct today stem from the fact that
we think of security as something orthogonal to application functionality
rather than a core component/requirement.
Of course, encryption exacerbates the problem. :-) We can then gain a tremendously high level of assurance that Dave Piscitello did something over SSL to a particular IP address from a particular IP address. Which adds authentication and little else on top of the paragraph you cited: 


"The real question is whether the tunnelling system provides _ANY_
security controls above and beyond ip/src/dest/logging."



Fred


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]