[cap-talk] network level designation and authorization

coderman coderman at gmail.com
Wed Jun 7 19:05:39 EDT 2006


On 6/5/06, Jed at Webstart <donnelley1 at webstart.com> wrote:
> ...
> So ... where to go from here?  I still believe that doing the right thing
> (POLA, communicable authority tokens) at the network level (e.g.
> YURLs, widewords, etc.), demonstrating its viability (e.g. for
> resource sharing - perhaps like with Google's new spreadsheet
> application), and then driving that paradigm down to the OS level
> is the most likely approach to succeed.
>
> ...  What's really
> needed is a practical path to change the basic authority paradigm
> for computing.  To me starting at the level of the network is the best
> hope.

what about virtual private networks for network level designation and authority?

the reason i prefer this approach is:

- it allows you to limit any unauthenticated attacks against services
to the VPN service itself (PPTP, IKE daemons, etc), thus keeping
applications more vulnerable to attack (rich web services, new apps,
etc) inside an authenticated boundary.

- authentication of users is done via VPN credentials (certificates,
shared secrets, opportunistically cached keys, etc) rather than
password, and revocation of user privileges (across all domains) is as
simple and intuitive as terminating their VPN connectivity.

- services are easily bound to specific IP addresses or ports that are
in turn tied to specific virtual private networks available to
authorized clients/users.  less complex firewall rules, if any.

- it meshes well with a virtual machine approach to isolating domains
where each VM instance can have its own network endpoint within
distinct or shared VPNs.

ignoring the management overhead usually associated with virtual
private network administration (they are way more complicated than
they should be) are there other advantages / disadvantages to this
approach?

[i assume hard disk encryption tied to strong user authentication
provides the necessary security for VPN credentials]


i specifically don't like the current web based methods because of:
- much more application "attack surface" presented to unauthenticated attackers.
- lack of strong client authentication.
- relative failure of SSL for privacy and authenticity of communication.
- total inadequacy of the browser for facilitating secure
interactions. (spoofing/social engineering attacks)

would an easy to use virtual private networking toolkit provide the
best network level designation / authorization mechanism?
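The boundary the bullets above describe (application services bound only to addresses on the virtual private networks, with nothing but the VPN daemon itself reachable by unauthenticated peers) can be checked against a host's listening sockets. This is an added example, not code from the thread; the VPN address ranges, the IKE/PPTP port set and the `ss`-style sample rows are constructed assumptions.

```python
"""Flag listeners reachable from outside the authenticated VPN boundary."""
import ipaddress
from typing import List, NamedTuple

# Ports the VPN service itself must expose unauthenticated (assumed stack:
# IKE on UDP 500/4500, PPTP control channel on TCP 1723).
VPN_DAEMON_PORTS = {("udp", 500), ("udp", 4500), ("tcp", 1723)}

# Address ranges assigned on the virtual private networks (assumed values).
VPN_NETWORKS = [ipaddress.ip_network("10.8.0.0/24"),
                ipaddress.ip_network("10.9.0.0/24")]

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int

def parse_ss(lines: List[str]) -> List[Listener]:
    """Parse 'ss -ltnu'-style rows: Netid State Recv-Q Send-Q Local Peer."""
    out = []
    for line in lines:
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated row
        addr, _, port = f[4].rpartition(":")  # rpartition keeps IPv6 intact
        out.append(Listener(f[0], addr.strip("[]"), int(port)))
    return out

def is_vpn_bound(addr: str) -> bool:
    """True if the bind address is only reachable via a VPN or loopback."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # '*' or other wildcard form: every interface
    if ip.is_unspecified:
        return False  # 0.0.0.0 / :: wildcard bind
    return ip.is_loopback or any(ip in net for net in VPN_NETWORKS)

def exposed_services(lines: List[str]) -> List[Listener]:
    """Listeners an unauthenticated peer can reach that are not the VPN daemon."""
    return [l for l in parse_ss(lines)
            if not is_vpn_bound(l.addr) and (l.proto, l.port) not in VPN_DAEMON_PORTS]

# Constructed sample output in the shape of `ss -ltnu`.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:500       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:4500      0.0.0.0:*
tcp   LISTEN 0      128    10.8.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8443      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
""".splitlines()
```

Running `exposed_services(SAMPLE)` reports the wildcard-bound 8443 and 22 listeners; the IKE ports, the 10.8.0.1-bound application and the loopback database pass.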
