help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine, firewall and security


From: Mark . Burgess
Subject: Re: cfengine, firewall and security
Date: Fri, 10 Nov 2000 08:36:43 +0100 (MET)

On  9 Nov, Dan Bethe wrote:
>> There seems to me to be considerable merit to the idea of using rsync
>> to distribute the files; that provides two things:
> 
>       That's a fine idea, Christopher.  I'd like to add that rsync can use
> ssh as its transport (--rsh=ssh) and that ssh can use RSA as its
> authentication method.  But I'm sure you knew that.  :)
> 

I sometimes despair over the popular belief that RSA encryption equals
security. While I agree that RSA is useful and that rsync is efficient,
I am not convinced that there is a general understanding of why. As long
as all source files are coming from a single common, trusted
host, RSA doesn't provide anything that symmetric encryption does not
in this case. That is the main reason why this simpler solution was
used in cfengine. However, in more complex configurations, RSA allows
multiple distinctions to be made between different trusted hosts.

I take issue with the idea that the only machine you need to worry about
is the source machine behind the firewall. Once someone is in control
of any one of your machines, they can do whatever they please. The
worst (for them) they could do with cfengine would be to actually
download the "safe" versions of data through the firewall, and confgure
the machine correctly. The best they could do would be to switch off
cfengine. 

In neither case does cfengine offer a route "through" the firewall.
One could also question the use of encryption for copying public data
(binaries etc). This is just burning unnecessary CPU cycles.  

There are always arguments for using encryption, but my belief is that
they are usually dominated by encryption-fever and that, if folks
spent as much time understanding the trust relationships in their
networks, as they did burning CPU on encryption, their networks
would be more secure. Encryption protects from so few attacks,
on the scale of it all, that its mere mention  makes me groan these
days.

It is not my intention to set of a major debate on the use of
encryption. I just want to point out that this common blind
trust in RSA is often misguided. It is not the panacea of security.

Mark's cynical spiel....;)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





reply via email to

[Prev in Thread] Current Thread [Next in Thread]