Xref: utzoo comp.sys.ibm.pc:38636 comp.protocols.tcp-ip:9328 comp.protocols.tcp-ip.ibmpc:1960
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!athena.mit.edu!jon
From: jon@athena.mit.edu (Jon A. Rochlis)
Newsgroups: comp.sys.ibm.pc,comp.protocols.tcp-ip,comp.protocols.tcp-ip.ibmpc
Subject: Re: The PC as a trusted client in a TCP/IP network
Keywords: PC, TCP/IP, security.
Message-ID: <1989Nov22.224737.29098@athena.mit.edu>
Date: 22 Nov 89 22:47:37 GMT
References: <907@cgch.UUCP>
Sender: news@athena.mit.edu (News system)
Reply-To: jon@athena.mit.edu (Jon A. Rochlis)
Organization: Massachusetts Institute of Technology
Lines: 18

In article <907@cgch.UUCP> whna@cgch.UUCP (Heinz Naef) writes:
>Hello system integrators,
>what could be done to turn existing personal computers (industry standard)
>into real trusted clients on a TCP/IP network?

My 2 cents: Don't try to turn PC's into "trusted clients".  Don't
build around the concept of trusted clients at all.  Instead assume all
clients run with software (possibly even hardware) written from the
ground up by a cracker.  Assume all communications are monitored by the
"bad guy".  Require something like Kerberos to make the client process
prove its identity to a server.  Encrypt data streams or do
crypto-checksums depending upon the sensitivity of the data in
question.  Don't trust the software on the client.  After all, unless you
control and secure all the wire, somebody can pretty easily hook up
their own portable PC and at the very least run a sniffer to grab all
the packets as they go over the wire.

		-- Jon
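
The design in the post above, sketched as an added example that is not part of the original article: a server that accepts a client only on proof of key possession and checks a crypto-checksum on every message. This is a simplified shared-key challenge-response stand-in, not Kerberos; `Server`, `prove`, `session_key` and `mac` are hypothetical names and the keys are constructed sample data.

```python
import hashlib
import hmac
import secrets

def _h(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def prove(long_term_key, nonce):          # client: answer the server's challenge
    return _h(long_term_key, b"auth", nonce)

def session_key(long_term_key, nonce):    # both sides derive the same session key
    return _h(long_term_key, b"session", nonce)

def mac(skey, seq, data):                 # crypto-checksum binding data to its sequence number
    return _h(skey, seq.to_bytes(8, "big"), data)

class Server:
    """Hypothetical server: trusts keys, never the client machine or the wire."""
    def __init__(self, keys):
        self.keys = keys        # principal -> long-term key (constructed sample data)
        self.pending = {}       # principal -> outstanding nonce
        self.sessions = {}      # principal -> [session key, next expected seq]

    def challenge(self, principal):
        self.pending[principal] = secrets.token_bytes(16)
        return self.pending[principal]

    def login(self, principal, proof):
        nonce = self.pending.pop(principal, None)   # each nonce is single-use
        key = self.keys.get(principal)
        if nonce is None or key is None:
            return False
        if not hmac.compare_digest(prove(key, nonce), proof):
            return False
        self.sessions[principal] = [session_key(key, nonce), 0]
        return True

    def receive(self, principal, seq, data, tag):
        sess = self.sessions.get(principal)
        if sess is None or seq != sess[1]:
            return None                              # no session, or replayed/out of order
        if not hmac.compare_digest(mac(sess[0], seq, data), tag):
            return None                              # forged or altered in transit
        sess[1] += 1
        return data
```

The checksum gives integrity only; data whose sensitivity calls for it would additionally be encrypted under the session key, as the post says.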