Dailydave mailing list archives
Re: Media Excitement!
From: pageexec () freemail hu
Date: Sat, 23 Apr 2005 03:02:18 +0100
On 22 Apr 2005 at 10:09, robert () dyadsecurity com wrote:
The goal here wasn't to say "This one is more secure than that one". It's to say "We have this level of sensitivity and require these particular security mechanisms, and need this assurance level as to the effectiveness of the security mechanisms". Basically, choose the right technology for your environment.
i understood this much ;-), the real question is, which of the solutions in the mentioned URL gives *appropriate assuarance* against exploitation (remember the original question about alternatives to patching)? based on my experience and instinct, none of them does (EAL 4 is little more than a joke), but i'd like to be *proven* wrong.
side question, which one of those didn't have security patches since their evaluation?I believe every product listed has had patches since their evaluation. As I pointed out though in an earlier post, the containment of the compromise, or rather the inherent ability to limit intrusion should be designed into the TCB, not bolted on afterwards.
does any of the mentioned products at that URL contain a compromise (thinking of kernel bugs)? or to be more precise, does any real-life policy (since any deployed MAC system implements one) exclude the compromise of the TCB? if not (which would match my experience), then what's the real point (of getting certified at EAL<7)? _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Media Excitement!, (continued)
- Re: Media Excitement! Jason Falciola (Apr 21)
- ISEAGE Competetion Arun Koshy (Apr 22)
- RE: ISEAGE Competetion Chris Eagle (Apr 22)
- RE: Media Excitement! Kohlenberg, Toby (Apr 21)
- RE: Media Excitement! Anton A. Chuvakin (Apr 21)
- Re: Media Excitement! robert (Apr 21)
- Re: Media Excitement! Cody Hatch (Apr 21)
- Re: Media Excitement! robert (Apr 21)
- Re: Media Excitement! pageexec (Apr 22)
- Re: Media Excitement! robert (Apr 22)
- Re: Media Excitement! pageexec (Apr 22)
- Re: Media Excitement! Cody Hatch (Apr 24)
- Re: Media Excitement! robert (Apr 24)
- Re: Media Excitement! Cody Hatch (Apr 25)
- Re: Media Excitement! Jack (Apr 25)
- Re: Media Excitement! Cody Hatch (Apr 26)
- Re: Media Excitement! pageexec (Apr 26)
- Re: Media Excitement! Jack (Apr 27)
- Re: Media Excitement! pageexec (May 09)
- Re: Media Excitement! robert (May 09)
- Laptop Abuse halvar (Apr 25)