Xref: utzoo comp.dcom.lans:2057 comp.protocols.tcp-ip:5625
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.dcom.lans,comp.protocols.tcp-ip
Subject: Re: Network Security
Message-ID: <26342@bu-cs.BU.EDU>
Date: 30 Nov 88 22:44:54 GMT
References: <26314@bu-cs.BU.EDU> <1009@asylum.sf.ca.us>
Reply-To: kwe@buit13.bu.edu (Kent England)
Followup-To: comp.dcom.lans
Organization: Boston Univ. Information Tech. Dept.
Lines: 39

In article <1009@asylum.sf.ca.us> romkey@asylum.UUCP (John Romkey) writes:
>In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes:
>>	Networks are secure when they operate properly.
>
>I'm going to pick a nit.
>
>You're automagically defining what "operate properly" means here. I
>don't think it's a truism that a network that operates properly is
>secure...
>
>A network that is conformant with current TCP/IP specifications is not
>necessarily secure but does operate properly.
>-- 

	That's no nit, that's a whole difference of opinion.

	Or, we have a difference of semantics at the very least.  I
really do mean to say that the "network" is secure when it routes
packets properly.  Of course, the network applications, like telnet,
ftp, and smtp, are not secure at all simply because the network routes
packets properly.  I mean that if the network is routing properly,
further efforts to secure the applications running on the network
should focus above the transport level.

	Some people would argue that networks ought to implement
access control filters as a means of securing applications that use
the network.  I think this is ineffective and misguided.  Some people
think that networks ought to be shut down when applications come under
attack, like what is happening with the ftpd bug on milnet right now
and what happened this November with the virus attack.  I think that
this is inappropriate.

	Our networks have security risks right now.  We need to
address these routing and network management issues.  But when it
comes to addressing password cracking and handling ongoing attacks, we
should be focusing on areas other than transport and routing.

	Perhaps we agree after all?  Certainly my one-line statement
needed some amplification.