Re: Secure desktop idea?
From: vertigo (vertigo@panix.com)
Date: 11/01/01
Date: Thu, 1 Nov 2001 12:43:24 -0500 (EST)
From: vertigo <vertigo@panix.com>
To: John Oliver <john.oliver@hosting.com>
Subject: Re: Secure desktop idea?
Message-ID: <Pine.NEB.4.40.0111011221250.13741-100000@panix1.panix.com>

On Tue, 30 Oct 2001, John Oliver wrote:
> A thought just occurred to me... desktop systems (and even some servers)
> could be almost completely secure if there was a way to dynamically
> allocate and de-allocate routes. If your system has no default route,
> it ought to be safe from any TCP-based attack. If routes to remote
> networks could be dynamically added as needed, and then removed, it
> seems that it would be virtually impossible for an outsider to even see
> that the host exists, let alone be able to root it.
>
> Ideas? Am I just way off the deep end here? :-)
Interesting idea. A few comments/questions:
1) It sounds like a lot of overhead.
2) It sounds a bit like NAT.
3) How would you communicate with other hosts on the internet
if there is no route to yours?
4) Does "as needed" mean when a connection is attempted _to_ a host
on this non-routable network, or when a connection is made _from_ it
to a host outside of said network?
5) If "as needed" means a connection _to_ it, how is it any different than
the existing framework with some additional overhead? (I'm not a TCP/IP
guru by any stretch of the imagination.)
6) If "as needed" means a connection _from_, do all the hosts on such a
network become temporarily exposed, or just that single host? (I think
I'm confusing myself now and just being argumentative.)
7) The host is exposed when it is added to the routing table and the whole
system falls apart.
Where's that copy of TCP/IP Illustrated... :)
vertigo
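
Added example, not part of the original message: a small Python model of the no-default-route idea discussed in this thread, showing which peers the host could answer before, during and after a route is added dynamically (compare points 6 and 7 above). The addresses, class and function names are constructed for illustration.

```python
import ipaddress

class RouteTable:
    """Constructed model of a host routing table that has no default route."""

    def __init__(self, connected):
        # The directly connected (on-link) prefix is always present.
        self.routes = {ipaddress.ip_network(connected)}

    def add(self, prefix):
        self.routes.add(ipaddress.ip_network(prefix))

    def remove(self, prefix):
        self.routes.discard(ipaddress.ip_network(prefix))

    def lookup(self, addr):
        """Longest-prefix match; None means 'network unreachable'."""
        ip = ipaddress.ip_address(addr)
        matches = [net for net in self.routes if ip in net]
        return max(matches, key=lambda net: net.prefixlen, default=None)

def can_reply(table, peer):
    # A TCP handshake completes only if this host can send segments back to
    # the peer. The model covers that return path only: inbound packets are
    # still delivered to the host whether or not a route exists.
    return table.lookup(peer) is not None

# Constructed peers (documentation address ranges).
PEERS = {
    "lan_neighbor": "192.0.2.50",
    "wanted_server": "198.51.100.10",
    "same_net_stranger": "198.51.100.77",
    "unrelated_outsider": "203.0.113.5",
}

def exposure_window(route):
    """Peers the host can answer before, during and after a dynamic route."""
    table = RouteTable("192.0.2.0/24")
    snap = lambda: sorted(n for n, ip in PEERS.items() if can_reply(table, ip))
    before = snap()
    table.add(route)       # route installed "as needed"
    during = snap()
    table.remove(route)    # route withdrawn when the session ends
    return before, during, snap()

if __name__ == "__main__":
    for route in ("198.51.100.0/24", "198.51.100.10/32"):
        print(route, "->", exposure_window(route))
```

In this model the on-link neighbor is answerable at all times, and a /24 route opens the return path to every host in that prefix, while a /32 host route limits it to the one wanted peer.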