BLU Discuss list archive
[Discuss] Port Scanning
- Subject: [Discuss] Port Scanning
- From: dsr at randomstring.org (Dan Ritter)
- Date: Fri, 2 Aug 2024 07:35:22 -0400
- In-reply-to: <eab89920-4fb9-42ff-80f4-f645b4fa96fb@syntheticblue.com>
- References: <5c43eee0-caaf-45d6-8fdb-273cb3d8ea6d@borg.org> <20240801172933.yqcdeki3ntkrrl2t@randomstring.org> <51804f85-9275-4d89-9dc2-86234cdb299b@borg.org> <20240801210627.bzw47tfmyxofcep3@randomstring.org> <82b0d41d-075d-496e-9e1f-ef1529623c38@borg.org> <20240801182824.4bf21319.Richard.Pieri@gmail.com> <f6d905fd-7886-4cf2-9b02-f6d89f60adf0@borg.org> <20240801214606.5bebc46a.Richard.Pieri@gmail.com> <eab89920-4fb9-42ff-80f4-f645b4fa96fb@syntheticblue.com>
Daniel M Gessel wrote:
> Firewalls seem like an ideal solution: a trusted network inside an effective
> firewall is free from the (not insignificant) overhead of security.
>
> But firewalls aren't completely effective and are only one tool that we all
> use on a daily basis.

The biggest problem with firewalls is what they lack, rather than what they have. They aren't, generally, integrated with an authentication system. They are sometimes integrated with a protocol verification system, but not often, because that's much harder to get right and keep working.

So the usual workaround is to add a VPN, where strongly authenticated machines can become part of the inside rather than the outside. This doesn't actually pass any authentication information to the inside services, so complicated work-arounds exist.

The second biggest problem is that we started using a firewall-evading technology to invite other people to run code on our machines -- web browsers.

-dsr-