Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: chroot useful?

From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Tue, 18 Nov 1997 11:59:45 -0500
In message <3.0.3.32.19971117060134.006d3c48 () fw itm-inst com>, Rick Murphy writes:


I only know the details of a couple of firewall products well enough to
say that the "hardened OS" really isn't - are there any products that
actually dip down into the kernel and make changes to the overall
environment to make the system less vulnerable to attack?


Since you asked:

For BorderWare, I'll point you to
<http://www.securecomputing.com/bw50tech.pdf>, page 41-42, which describes
some of the details of the BFS hardened OS. Obviously this is a 'gentle'
overview, but it summarizes the important changes.
 
Sidewinder ships on a Type Enforced OS;
<http://www.securecomputing.com/SWFwhitepaper.pdf> page 8-13 contains a
description of TE and the rationale for using it on a Firewall.


I'm wary of being mis-interpreted as advertising here. So, if there is
interest, I can write a longer message describing the BFS and Sidewinder
environments in a bit more detail (from a purely technical POV, of course).
Send me e-mail.

-- 
Harald Koch <chk () utcc utoronto ca>
Previous By Date Next
Previous By Thread Next

Current thread: