Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!lll-winken!uunet!mcvax!ukc!cam-cl!scc
From: scc@cl.cam.ac.uk (Stephen Crawley)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Message-ID: <710@scaup.cl.cam.ac.uk>
Date: 14 Apr 89 05:33:45 GMT
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <Apr.10.23.46.46.1989.12488@geneva.rutgers.edu> <29455@bu-cs.BU.EDU> <10526@bloom-beacon.MIT.EDU> <29475@bu-cs.BU.EDU> <10540@bloom-beacon.MIT.EDU> <29549@bu-cs.BU.EDU>
Sender: news@cl.cam.ac.uk
Organization: U of Cambridge Comp Lab, UK
Lines: 41

Kent England writes:
> My secure subnet might be a delni in a locked equipment rack.

Are the computers inside the locked equipment rack as well?  If not, 
what is to stop JR User from plugging a PC into a drop cable?  

Suppose that you do put the computers in the locked rack, how do your 
users access the machines?  Lots of 9600 baud async lines?  [You can't 
provide terminal over your LAN without sending network traffic off your 
physically secure subnet!]  What are you going to say to the users who 
want to use a PC or a workstation?  

Do the physically secure machines on the LAN run a secure OS?  If not, 
what is to stop JR Hacker from indulging in a bit of unauthorised spade 
work on the OS kernel to give himself access to ethernet packets?  
[Don't tell me that JR Hacker =/= JR User.  What if he is and you don't
know about it?  What if he is and you DO know about it?!]  

What are you going to say to your users who want to use ... say ... UNIX?

> I am not trying to secure my nets against the KGB, so don't tell me 
> you can crack any net I design and install.  

Just who are you trying to make the system secure against?  Cleaning
ladies?  An undergraduate CS hacker wouldn't have much trouble finding 
a way through your scheme ... given a big enough carrot.  Certainly 
the undergrads around here wouldn't!

I want security that is on the same level as me keeping sensitive 
materials in a locked filing cabinet inside a locked office with the 
nightwatchman walking the corridors.  At the same time I want to use a 
nice bitmapped workstation with several MIPs of local processing power
[In 5-10 years time I'll expect an integrated services workstation.]  
I do NOT want to be forced to use a klunky old 24 by 80 on a 9600 baud 
terminal line.  I do NOT want to have to go down the corridor to the
secure room every time I want to read my email.  

I claim that security without substantial inconvenience is achievable 
using encrypted protocols, but not with a physical security scheme.

-- Steve