[e2e] Rebroadcast of Sigcomm Keynote 12:30pm EDT Today!
David P. Reed
dpreed at reed.com
Wed Aug 21 15:00:45 PDT 2002
At 05:15 PM 8/21/2002 -0400, Erich Nahum wrote:
>In addition, not only do many corporate policies dictate firewall usage,
>anyone who is *not* behind a firewall or NAT is asking to be hacked.

Anyone who thinks that a firewall or NAT prevents hacking hasn't thought
about the problem clearly.

At best, all a firewall does is block what the OS should have been blocking
in the first place (Bellovin's book on firewalls states this point
explicitly). All a NAT box does is violate the assumptions of the IP
end-to-end protocols.

By now, most systems have the option of "local" firewalls (BlackICE, XP's
stack, etc.). And NATs are standing in the way of IPSEC, SSH, and other
forms of e2e security.

Corporations may fool themselves into thinking FWs and NATs make them
secure. Don't let's perpetuate the myth.