ISMS working group
Ken Arnold <arnold@moonhill.org> Thu, 08 September 2005 15:51 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EDOgR-0005Uj-No; Thu, 08 Sep 2005 11:51:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECkLD-0008Ux-El; Tue, 06 Sep 2005 16:46:52 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA27768; Tue, 6 Sep 2005 16:46:49 -0400 (EDT)
Received: from out4.smtp.messagingengine.com ([66.111.4.28]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ECkOC-0002Cw-Jp; Tue, 06 Sep 2005 16:49:59 -0400
Received: from frontend1.internal (mysql-sessions.internal [10.202.2.149]) by frontend1.messagingengine.com (Postfix) with ESMTP id 872BECCE461; Tue, 6 Sep 2005 16:46:34 -0400 (EDT)
Received: from frontend2.messagingengine.com ([10.202.2.151]) by frontend1.internal (MEProxy); Tue, 06 Sep 2005 16:46:34 -0400
X-Sasl-enc: w7yBoxHfQue1UJQ3FrStrwi/iSorQt1ap1Sk9Dj418ps 1126039593
Received: from [192.168.1.103] (209-6-251-216.c3-0.lex-ubr2.sbo-lex.ma.cable.rcn.com [209.6.251.216]) by frontend2.messagingengine.com (Postfix) with ESMTP id 2EBFF5703A8; Tue, 6 Sep 2005 16:46:33 -0400 (EDT)
In-Reply-To: <431DD59A.4000400@ofcourseimright.com>
References: <431DD59A.4000400@ofcourseimright.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <AE6514F0-4714-4A48-9F56-A155823489F2@moonhill.org>
Content-Transfer-Encoding: 7bit
From: Ken Arnold <arnold@moonhill.org>
Date: Tue, 06 Sep 2005 16:46:33 -0400
To: Eliot Lear <lear@ofcourseimright.com>
X-Mailer: Apple Mail (2.734)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Thu, 08 Sep 2005 11:51:23 -0400
Cc: iesg@ietf.org, ietf@ietf.org
Subject: ISMS working group
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Firewalls are a ubiquitous feature of my everyday life, as is NAT.
My home is behind a NAT-ing firewall; my laptop has its own firewall;
every time I travel I rely on that firewall in hot spots (such as
starbucks); I run VirtualPC on my Mac, which has a firewall and NAT
translation; my parent's system is similar to mine: NAT-ing firewall
and on-system firewall for double protection (as are my in-laws' and
brothers' systems); my previous company had a NAT-ing firewall for
each ISP connection, and their product (a linux cluster) had a
firewall to protect itself from the customer's own internal network.
Many small network appliances have firewalls (sometimes NAT-ing ones)
that protect themselves the same way. I could go on and on.
Which means that any network solution -- let alone something as
potentially central as SNMP -- that ignores either NAT or firewall --
is dead on arrival as far as I'm concerned, and as far as any IT
group I've ever seen is concerned. If there are non-firewalled
networks of consequence anymore I am unaware of them. Ignoring these
relegates any solution to theoretical situations or very small in-
home or in-group solutions. Then someone else will have to figure
out some way to manage anything larger scale, which will be able to
also handle small scale and so will overwhelm the non-firewalling,
non-NAT-ing designs. But only after such a relatively impotent
design confuses the world by adding yet one more standard to chose from.
Please get this right this time by including firewalls and NAT in the
solution space so it really *is* a solution.
Ken
P.S. Please also note that a non-firewalled SNMP creates some
pressure to bring down firewalls, to trade off SNMP for security.
Things that pressure networks to be less secure are pretty antisocial
in our current security environment of zombie spam farms, etc.
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
- Re: ISMS working group Margaret Wasserman
- ISMS working group Ken Arnold
- Re: ISMS working group and charter problems Jim Thompson
- Re: ISMS working group Ken Arnold
- RE: ISMS working group Fleischman, Eric
- RE: ISMS working group Nelson, David
- RE: ISMS working group Daniel Senie
- Re: ISMS working group Eliot Lear
- Re: ISMS working group and a clarification about … Eliot Lear
- Re: ISMS working group Margaret Wasserman
- Re: ISMS working group Eliot Lear
- Re: ISMS working group Eliot Lear
- Re: ISMS working group Margaret Wasserman
- Re: ISMS working group Daniel Senie
- Re: ISMS working group Eliot Lear
- Re: ISMS working group Eliot Lear
- Re: ISMS working group Wes Hardaker
- Re: ISMS working group Brian E Carpenter