I think, for all the benefits it will bring, it is going to bring a few headaches too for security admins.... Why?

I really like the ability to look into data streams and see in nice clear "English" what the hell (L)user X is up to now. The built-in encryption is going to make that a lot more difficult and is going to make IDS' have to work even harder (come to that, any signature-based detection system will have to work harder).

I would really consider placing an IP6to4 DMZ at the perimeter of the network where the traffic can be sniffed in clear and then, if necessary, IP4to6 it back for when it is inside the network. It would complicate the architecture but I believe it would be possible and useful.

Thoughts.
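As an added illustration of the point above (this is example code, not part of the post or of any product it mentions): a signature-based sensor can only match on upper-layer payload it can actually read, so the first thing it has to decide for each IPv6 packet is whether the payload is in clear or sits behind ESP. The snippet below walks the IPv6 extension-header chain to find the upper-layer protocol, marks ESP as opaque, and runs a byte signature only over inspectable payloads. All packets, addresses, the `cgi-probe` signature and the ESP "ciphertext" are constructed in the script; it goes a little beyond the post by also handling a Destination Options header in front of TCP.

```python
import struct

# Added example, not from the thread. Constructed IPv6 frames are parsed far
# enough to answer the question a signature sensor must answer first:
# is the upper-layer payload in clear, or is it ESP and therefore opaque?

# Extension headers the parser must step over to reach the transport header.
# AH (51) authenticates but does not encrypt, so it is walked like the others.
EXT_HEADERS = {0: "HOPOPT", 43: "ROUTING", 44: "FRAGMENT", 60: "DSTOPTS", 51: "AH"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 50: "ESP"}
ESP = 50

def build_ipv6(next_header, src, dst, payload):
    """Assemble a minimal IPv6 packet (hop limit 64, no flow label)."""
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return fixed + src + dst + payload

def parse_ipv6(pkt):
    """Walk the extension-header chain and report the upper-layer protocol."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nh = struct.unpack("!HB", pkt[4:7])
    end = 40 + payload_len
    if end > len(pkt):
        raise ValueError("truncated packet")
    offset, chain = 40, []
    while nh in EXT_HEADERS:
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        chain.append(EXT_HEADERS[nh])
        if nh == 44:                      # fragment header: fixed 8 octets
            ext_len = 8
        elif nh == 51:                    # AH: length in 32-bit words, minus 2
            ext_len = (pkt[offset + 1] + 2) * 4
        else:                             # others: 8-octet units, first 8 not counted
            ext_len = (pkt[offset + 1] + 1) * 8
        nh = pkt[offset]                  # next-header byte of this extension header
        offset += ext_len
    return {
        "src": pkt[8:24].hex(),
        "dst": pkt[24:40].hex(),
        "ext_chain": chain,
        "protocol": UPPER.get(nh, "proto-%d" % nh),
        "inspectable": nh != ESP,         # ESP payload is ciphertext to the sensor
        "payload": pkt[offset:end],
    }

def inspect(packets, signatures):
    """Match byte signatures only on payloads in clear; count the rest as opaque."""
    result = {"inspected": 0, "opaque": 0, "hits": []}
    for pkt in packets:
        info = parse_ipv6(pkt)
        if not info["inspectable"]:
            result["opaque"] += 1
            continue
        result["inspected"] += 1
        for name, pattern in signatures.items():
            if pattern in info["payload"]:
                result["hits"].append((name, info["protocol"]))
    return result

# --- constructed sample traffic (documentation prefix 2001:db8::/32) --------
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")

def tcp_segment(app_data):
    """20-byte TCP header (40000 -> 80, PSH|ACK, checksum left zero) plus data."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return hdr + app_data

REQUEST = b"GET /cgi-bin/status HTTP/1.1\r\n"

# 1. plain TCP carrying an HTTP request: inspectable
PLAIN = build_ipv6(6, SRC, DST, tcp_segment(REQUEST))

# 2. same request behind a Destination Options header (8 octets, PadN): still inspectable
DSTOPTS = bytes([6, 0, 1, 4, 0, 0, 0, 0])   # next header TCP, ext len 0, PadN option
WITH_EXT = build_ipv6(60, SRC, DST, DSTOPTS + tcp_segment(REQUEST))

# 3. ESP: SPI, sequence number, then bytes standing in for ciphertext (constructed)
ESP_PKT = build_ipv6(ESP, SRC, DST, struct.pack("!II", 0x1000, 1) + bytes(range(0x80, 0xA0)))

SIGS = {"cgi-probe": b"GET /cgi-bin/"}   # constructed signature for the demo

if __name__ == "__main__":
    for p in (PLAIN, WITH_EXT, ESP_PKT):
        info = parse_ipv6(p)
        print(info["ext_chain"], info["protocol"],
              "inspectable" if info["inspectable"] else "opaque")
    print(inspect([PLAIN, WITH_EXT, ESP_PKT], SIGS))
```

The `opaque` counter is the number to watch: once it dominates at a given tap point, signatures there are doing little, which is the argument for sniffing at a point (such as the DMZ described above) where the traffic is still in clear.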