[Discuss] Port Scanning

Dan Ritter dsr at randomstring.org
Fri Aug 2 07:35:22 EDT 2024


Daniel M Gessel wrote: 
> Firewalls seem like an ideal solution: a trusted network inside an effective
> firewall is free from the (not insignificant) overhead of security.
> 
> But firewalls aren't completely effective and are only one tool that we all
> use on a daily basis.

The biggest problem with firewalls is what they lack, rather
than what they have. They aren't, generally, integrated with an
authentication system. They are sometimes integrated with a
protocol verification system, but not often, because that's much
harder to get right and keep working.

So the usual workaround is to add a VPN, where strongly
authenticated machines can become part of the inside rather than
the outside. This doesn't actually pass any authentication
information to the inside services, so complicated work-arounds
exist.

The second biggest problem is that we started using a
firewall-evading technology to invite other people to run code on
our machines -- web browsers.

-dsr-

