Technology Stocks : Novell (NOVL) dirt cheap, good buy?

To: Scott C. Lemon who wrote (28471) 10/6/1999 10:53:00 AM
From: ToySoldier
 
NDS still manages the association of IP Address and NDS user for you ... so the admin doesn't have to keep track of what IP address you happen to sit down at ... but non-repudiation?

Who cares about that as far as security is concerned?!? If a simple NAT gateway can spoof a firewall - even one that is promoted to provide logical level security like NDS - because the firewall cannot validate the true source of the conversation, then NDS managing the IP-Address to NDS user association means squat.

Sure it's nice that NDS can track and manage that for the Administrator, but this does not address the non-repudiation (sorry I used the wrong term the last time) issue.

I am only a lowly Architect - I only put the solutioned pieces together. If these pieces have fundamental holes in them - then all I can say is - FIX IT. So the answer on how that would be addressed likely better fits in your court.

My thoughts right away were similar to yours in a way. Possibly a new NDS-enabled architecture would have to be created. Let me ask you, what if BorderManager required all internal NDS workstations to VPN through it in order to gain access to the outside world. A VPN is a point to point connection. How would the NAT destroy this non-repudiation? I would think that the abusing @HOME user would simply establish the NAT gateway to be the VPN source and then users behind the gateway would run inside this security pipe.

So, I agree with you in that some PC-client-device identified end-to-end authentication system would have to be developed. You are correct that because of the IETF standards, even NDS cannot assure a true non-repudiation process.

What can be done - I guess nothing. The more important point I make is that Novell's NDS message implies true non-repudiation, but on the important area of Internet activity where e-commerce is/will rely upon, NDS cannot assure true end-to-end non-repudiation from the source!

As for the RATS comment - that wasn't meant to imply that you and the other folks leaving Novell are dirty sleazy people. It implies that you all were smart enough to know when to get off a ship while it is still floating - why - because you saw the leaks in the hull that no one else could see.

So I put the question to you Scott - you're the Engineer - how would you solve this MAJOR gap that even Novell's NDS cannot solve?

Toy