RE: [security-area] FIG WG charter proposal
From my perspective, I was looking at the firewall as a function in a more abstract way. This function could be deployed as part of the stack/middleware (on the same host) or as an independent entity (as a mid-box), and multiple such functions might need to be traversed. So even
Matt, You bring up a good point. though issues/solutions might be similar , I agree that we still need to explicitly discuss these issues as related to different deployment use-cases. Creating a generic reference diagram capturing the various use-cases will be useful as part of the first document within the WG. Inder -----Original Message----- From: owner-security-area@ggf.org [mailto:owner-security-area@ggf.org] Sent: Monday, December 20, 2004 12:08 PM To: security-area@ggf.org Subject: Re: [security-area] FIG WG charter proposal Some grid resources operate at speeds beyond the range of current choke-point firewalls. I would like to see explicit mention in the charter of attention to the case where the firewall function is integral to the host. There may still be interaction with an external policy-control service for approval of rule changes. Matt Crawford <crawdad@fnal.gov> Fermilab Computer Security Coordinator
Inder, Matt, I concur with Matt and Inder - firewall functions inside hosts must also be considered.explicitly. Matt, thanks for bringing this up. I am currently in "comment collection mode" and will put out a new charter based on the feedback received by tommorrow. Regards .. Leon. Inder Monga wrote:
Matt,
You bring up a good point.
From my perspective, I was looking at the firewall as a function in a more abstract way. This function could be deployed as part of the stack/middleware (on the same host) or as an independent entity (as a mid-box), and multiple such functions might need to be traversed. So even though issues/solutions might be similar , I agree that we still need to explicitly discuss these issues as related to different deployment use-cases. Creating a generic reference diagram capturing the various use-cases will be useful as part of the first document within the WG.
Inder
-----Original Message----- From: owner-security-area@ggf.org [mailto:owner-security-area@ggf.org] Sent: Monday, December 20, 2004 12:08 PM To: security-area@ggf.org Subject: Re: [security-area] FIG WG charter proposal
Some grid resources operate at speeds beyond the range of current choke-point firewalls. I would like to see explicit mention in the charter of attention to the case where the firewall function is integral to the host. There may still be interaction with an external policy-control service for approval of rule changes.
Matt Crawford <crawdad@fnal.gov> Fermilab Computer Security Coordinator
participants (2)
-
Inder Monga -
Leon Gommans