[security-area] FIG WG charter proposal
lgommans at science.uva.nl
Tue Dec 21 12:49:37 CST 2004
I concur with Matt and Inder - firewall functions inside hosts must also
be considered.explicitly. Matt, thanks for bringing this up.
I am currently in "comment collection mode" and will put out a new
charter based on the feedback received by tommorrow.
Regards .. Leon.
Inder Monga wrote:
> You bring up a good point.
> From my perspective, I was looking at the firewall as a function in a
> more abstract way. This function could be deployed as part of the
> stack/middleware (on the same host) or as an independent entity (as a
> mid-box), and multiple such functions might need to be traversed. So
> even though issues/solutions might be similar , I agree that we still
> need to explicitly discuss these issues as related to different
> deployment use-cases. Creating a generic reference diagram capturing
> the various use-cases will be useful as part of the first document
> within the WG.
> -----Original Message-----
> From: owner-security-area at ggf.org [mailto:owner-security-area at ggf.org]
> Sent: Monday, December 20, 2004 12:08 PM
> To: security-area at ggf.org
> Subject: Re: [security-area] FIG WG charter proposal
> Some grid resources operate at speeds beyond the range of current
> choke-point firewalls. I would like to see explicit mention in the
> charter of attention to the case where the firewall function is
> integral to the host. There may still be interaction with an external
> policy-control service for approval of rule changes.
> Matt Crawford <crawdad at fnal.gov>
> Fermilab Computer Security Coordinator
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-area