Firewall Wizards mailing list archives
Re: firewalls and the incoming traffic problem
From: Jeromie Jackson <jeromie () garrison com>
Date: Sun, 02 Nov 1997 09:36:37 -0800
At 10:22 PM 10/1/97 -0500, Rick Smith wrote:
> On the other hand, we *do* face an integrity problem, which brings us back around to the start of this discussion thread. This is where MLS comes in handy -- since a "higher" level isn't allowed to modify files belonging to "lower" levels, you place the big bad Internet at a "higher" level and install the files you don't want modified at a "lower" level. This lets the Internet processes read the executable files and the configuration files, but prevents them from modifying them. This is sort of using Bell LaPadula to implement Biba, if you see what I mean. And, of course, it all works much more cleanly with Type Enforcement (tm).
I would also inject that Sidewinder uses independent "domains" for each of the daemons running (Sendmail, telnet, etc., etc.) whereas other products such as Cyberguard have 2 levels (Network, and System). Because of the additional compartmentalization within SCC, more granular process containment is achieved. If only 2 levels are used, compromise of SMTP for example would provide the attacker the opportunity to also attack the rest of the 'domains' or compartments. In a Sidewinder box, compromise of SMTP, or other daemons, would only allow the attacker to touch files and system calls associated with only that process. If a daemon were to be compromised, any attempts to circumvent other domains, or the touching of files not directly related to the daemon's process, would cause a type-enforcement fault, and alarms would be generated.

In another note, the National Information Assurance Partnership (NIAP) currently has a single level for firewall assurance. Since a few firewalls in the market deploy DTE or other MAC-based mechanisms, this is truly an injustice. Comparing the compartmentalization between DAC only, and those products containing DAC & MAC, obviously there are levels of security. I hope that others will agree, and express their opinion to the working group. I am working on a paper for submittal in hopes to change this obnoxious flaw in their ratings. It is not fair to the commercial community to not have some showing within the NIAP firewall profile that there are a range of security levels. Firewalls do not all have the same level of assurance, or compartmentalization of vulnerabilities.

Jeromie Jackson
Senior Security Engineer
Garrison Technologies
jeromie () garrison com
760-633-1843
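A toy model of the two schemes discussed in this thread, added here as an illustration and not code from the post or from any of the products named: a Type Enforcement table with one shared "Network" domain versus one domain per daemon, plus the Bell-LaPadula read-down/no-write-down rule Rick Smith describes. The domain names, type names and policy tables are constructed for the example.

```python
# Added example (not from the original post). Domain/type names and the
# policy tables below are constructed for illustration only.
from dataclasses import dataclass, field


@dataclass
class TEPolicy:
    """Type Enforcement: a domain may touch an object type in a given mode
    only if the (domain, type, mode) triple is in the definition table."""
    ddt: set
    faults: list = field(default_factory=list)

    def check(self, domain, obj_type, mode):
        if (domain, obj_type, mode) in self.ddt:
            return True
        # Any access outside the table is a TE fault; record it as an alarm.
        self.faults.append(f"TE fault: {domain} {mode} {obj_type}")
        return False


# Coarse policy: every Internet-facing daemon shares one "Network" domain,
# so whatever telnet may touch, a subverted SMTP daemon may touch too.
COARSE = TEPolicy({("Network", "smtp_spool", "write"),
                   ("Network", "telnet_cfg", "read"),
                   ("Network", "telnet_cfg", "write")})

# Fine policy: one domain per daemon, so SMTP's reach ends at its own types.
FINE = TEPolicy({("smtp_d", "smtp_spool", "write"),
                 ("telnet_d", "telnet_cfg", "read"),
                 ("telnet_d", "telnet_cfg", "write")})


def compromised_smtp_reach(policy, smtp_domain):
    """Simulate a subverted SMTP daemon trying to modify telnet's config.
    Returns True if the policy lets it through, False if it faults."""
    return policy.check(smtp_domain, "telnet_cfg", "write")


def blp_can_access(subject_level, object_level, mode):
    """Bell-LaPadula used for integrity: Internet processes run at level 1,
    protected binaries and configs sit at level 0. Reading down is allowed;
    writing down is not, so the Internet side can read but never modify."""
    if mode == "read":
        return subject_level >= object_level
    return subject_level <= object_level
```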