Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!cs.utexas.edu!swrinde!ucsd!ucbvax!ulysses!ulysses.att.com!smb
From: smb@ulysses.att.com (Steven Bellovin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: A SUSPICIOUS SECURE GATEWAY
Message-ID: <13020@ulysses.att.com>
Date: 25 May 90 21:04:45 GMT
References: <435@jove.dec.com> <9005231723.AA20278@hp-ses.sde.hp.com>
Sender: netnews@ulysses.att.com
Lines: 38

In article <9005231723.AA20278@hp-ses.sde.hp.com>, wunder@HP-SES.SDE.HP.COM (Walter Underwood) writes:
> HP does exactly the same thing.

And Bell Labs goes even farther; we have just 2 non-isolated machines on the Internet. Application-level gateways do the rest.

Why? Because in the Real World (whatever that is), our machines are not secure enough today. Blame complacent vendors, blame lazy administrators, blame careless users -- it doesn't matter much, since the empirical fact remains: a very significant fraction of hosts (and not just ours, I might add) are vulnerable. We, as a corporation, have chosen not to take the risk of exposure. Total isolation would be a serious problem; as is, most of what most people need to do on the Internet -- mail, FTP out, telnet both ways -- can be handled in a safer fashion. And most of the exceptions can be dealt with in other ways -- we do have a few more hosts that are directly connected to the Internet, but they're used for special purposes, and don't talk to anything else internally; they're dead ends.

In the abstract, I mostly agree with Phil Karn -- hosts should be able to protect themselves. In fact, I spend a lot of my time working on mechanisms to help that cause. In practice, neither he nor I can administer every machine in our respective companies. I'll quote Phil's own article:

	The hard problem, as it turns out, lies not in generating a list of
	vulnerable systems, but in getting the administrators of those
	machines to update their software or to fix their system
	configurations.

It's not a technical problem, but it's very real. And, given rlogin and its friends, if one host falls, a lot more will fall with it.

Incidentally, I say ``mostly'' because there's an important class of device -- dial-out modems -- that is not capable of security today, and is not likely to be in the foreseeable future. Finding a dialer pool on the Internet would be a hacker's idea of heaven.
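The remark that "if one host falls, a lot more will fall with it" is a statement about how rlogin/rsh trust composes: hosts.equiv and ~/.rhosts let a listed host log in without a password, and trust chains through intermediate hosts. The following script is an added example, not part of the original post or of any AT&T tool; it models a site's trust lists as a directed graph and computes the set of hosts an intruder on one compromised machine could reach by chained trust, which is the number an administrator would want when deciding whether isolation behind an application-level gateway is worth it. The host names, trust lists and the hosts.equiv sample are all constructed.

```python
"""Transitive rlogin trust: how many hosts fall when one host falls.

Added example, not from the original post. rlogin/rsh trust is granted by
/etc/hosts.equiv and per-user ~/.rhosts: a host listed there may log in
without a password. Trust composes: if B trusts A and C trusts B, then whoever
controls A reaches C via B. This models that as a graph and computes the
hosts reachable from one compromised host (the "blast radius").
"""
from collections import deque

# Constructed sample: trusting host -> hosts its hosts.equiv/.rhosts accept.
# "devbox1" trusting "mailhub" means mailhub can rlogin to devbox1.
SAMPLE_TRUST = {
    "mailhub": {"gw1"},
    "devbox1": {"mailhub", "devbox2"},
    "devbox2": {"devbox1"},
    "payroll": {"devbox1"},
    "gw1":     set(),   # the gateway trusts nobody
    "lab7":    set(),   # isolated lab machine, trusts nobody
}

# Constructed hosts.equiv-style text, used to show the parser.
SAMPLE_HOSTS_EQUIV = """\
# hosts allowed to log in without a password
mailhub
devbox2   # trailing comment
-badhost  # explicit deny grants nothing
"""


def parse_hosts_equiv(text):
    """Return the set of host names a hosts.equiv-style file trusts.

    Blank lines and '#' comments are skipped; a leading '-' denies and so
    adds nothing. A bare '+' (trust everybody) is returned as the string '+'
    so the caller can flag it.
    """
    trusted = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host = line.split()[0]          # first field is the host name
        if host.startswith("-"):
            continue
        trusted.add(host)
    return trusted


def invert(trust):
    """Turn 'X trusts Y' into 'from Y you can reach X' adjacency."""
    reach = {h: set() for h in trust}
    for trusting, trusted_set in trust.items():
        for trusted in trusted_set:
            reach.setdefault(trusted, set()).add(trusting)
    return reach


def blast_radius(trust, compromised):
    """Hosts an intruder on `compromised` can log in to via chained trust."""
    reach = invert(trust)
    seen = {compromised}
    queue = deque([compromised])
    while queue:                        # breadth-first walk of the trust graph
        host = queue.popleft()
        for nxt in reach.get(host, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(compromised)
    return seen


def wildcard_trusting_hosts(trust):
    """Hosts whose trust list contains '+', i.e. trust every host."""
    return {h for h, t in trust.items() if "+" in t}


if __name__ == "__main__":
    for start in sorted(SAMPLE_TRUST):
        fallen = blast_radius(SAMPLE_TRUST, start)
        print(f"{start:8s} compromised -> {len(fallen)} more hosts: "
              f"{sorted(fallen)}")
```

Running it on the sample shows the asymmetry the post is pointing at: compromising the isolated `lab7` reaches nothing, while compromising `gw1` (the one host the others ultimately trust) cascades through `mailhub` into all four internal machines. Feeding real hosts.equiv/.rhosts contents through `parse_hosts_equiv` per host builds the same dictionary for a site.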