To: ToySoldier who wrote (28485) 10/6/1999 11:20:00 PM
From: Scott C. Lemon
Hello ToySoldier,

Busy day ... but the stock looks better ... if only it would add 8 or 9 more points! ;-)

> Who cares about that as far as security is concerned?!? If a simple
> NAT gateway can spoof a firewall - even one that is promoted to
> provide logical level security like NDS - because the firewall
> cannot validate the true source of the conversation, then NDS
> managing the IP-Address to NDS user association means squat.

So this again is an interesting line of thought. Of course NAT can do this ... that's what it was designed for. And NDS managing the IP address is actually extremely powerful ... but not for the purpose that you propose.

A similar situation would be to have a house, and buy a phone line. The phone company then tells you the line is for *one* phone. You go out and buy a small PBX phone system. How do you propose that the phone company "detect" that you have a PBX? For every little electronic "clue" I'll bet you I could get around it ... in fact I did all through high school ... ;-)

You seem to be thinking in a very backwards time ... when a phone company could charge you for each phoneset in your house! This would be like the water company charging for each faucet that you install to get water. The Internet is just another pipe ... and the smart ISPs have figured that out. It's a "metered" utility ... that's it. Once it's in your house, it's yours. I'm afraid that you seem fixated on a "problem" that is nothing but ancient history ... ;-)

> Sure it's nice that NDS can track and manage that for the
> Administrator, but this does not address the non-repudiation (sorry
> I used the wrong term the last time) issue.

This is a very different issue ... what you are asking for can really only be provided with protocols which were designed for this purpose. Or, the other solution would be to create a client application which completely "shells" the communications software and provides the secure pipe. But as you mention below ... this doesn't do anything either ... you're looking to solve the unsolvable.

> I am only a lowly Architect -

Sure ... sure ... sure ... I know better! ;-)

> I only put the solutioned pieces together. If these pieces have
> fundamental holes in it - then all I can say is - FIX IT. So what
> the answer on how that would be addressed likely better fits in
> your court.

If you can tell me how the water company can count faucets in your house, without entering, we have found the solution!

> My thoughts right away were similar to yours in a way. Possibly a
> new NDS-enabled architecture would have to be created. Let me ask
> you, what if BorderManager required all internal NDS workstations
> to VPN through it in order to gain access to the outside world.
> A VPN is a point to point connection. How would the NAT destroy
> this non-repudiation? I would think that the abusing @HOME user
> would simply establish the NAT gateway to be the VPN source and
> then users behind the gateway would run inside this security pipe.

Bingo! No solution!

Again, I'm afraid that your "anti-NAT" emotions have got ahold of you. Most of the ISPs (including the ones that you mentioned) have recognized that "throttling" the connection (i.e. setting the size of the pipe you get) is the business they are in. How you use it is up to you. They *can* charge you for additional IP addresses ... but again, not the number of machines.

> What can be done - I guess nothing.

Yep ...

> The more important point I make is that Novell's NDS message
> implies true non-repudiation, but on the important area of Internet
> activity where e-commerce is/will rely upon, NDS cannot assure true
> end-to-end non-repudiation from the source!

I'm not sure why you associate all of this to detecting NAT ... these are very different things ...

> As for the RATS comment - that wasn't meant to imply that you and
> the other folks leaving Novell are dirty sleazy people.

... but I still had to give you a hard time! ;-)

> So I put the question to you Scott - you're the Engineer - how would
> you solve this MAJOR gap that even Novell's NDS cannot solve?

I would bill by bandwidth and not worry about NAT! ;-)

Scott C. Lemon