New encryption technology closes WLAN security loopholes
Rick Smith at Secure Computing
rick_smith at securecomputing.com
Wed Sep 26 15:51:13 EDT 2001
At 05:44 PM 9/24/2001, ji at research.att.com wrote:
>In increasingly many environments, the term "perimeter" makes little sense.
>See, for example, the CCS-2000 paper on Distributed Firewalls by Sotiris
>Ioannidis et al. You can get it (among other places) from
>http://www.research.att.com/~smb/papers/ccs-df.pdf
If anything, the concept of 'perimeter' becomes more important as you look
at distributed firewall architectures, since it becomes a lot trickier to
discern what it is you've really managed to protect. I've been trying to
craft a clear explanation of how/why it's hard to subvert the card-based
distributed firewalls we developed with 3Com, and the perimeter concept is
crucial to the argument.
In my own experience, the security perimeter(s) play an essential role
whenever I try to explain real-world weaknesses in systems. I find I'm
always drawing boxes (perimeters) around things in security architecture
diagrams I draw.
Rick.
smith at securecomputing.com roseville, minnesota
"Authentication" coming in October http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list