ABSTRACT
The information security manager is confronted with a wide variety of communications protocols and
services. At one level, the manager would like to be able to ignore how the information gets from one
place to another; he would like to be able to assume security. At another, he understands that he has only
limited control over how the information moves; because the user may be able to influence the choice of
path, the manager prefers not to rely upon it. However, that being said, the manager also knows that there
are differences in the security properties of the various protocols and services that he may otherwise
find useful.