Firewall Wizards mailing list archives
Re: firewalls and the incoming traffic problem
From: Leonard Miyata <leonard () geminisecure com>
Date: Mon, 29 Sep 1997 10:27:02 -0700 (PDT)
The solutions to this problem do exist, but the traditional 'Red Book' 'Orange Book' view of network security was abandoned by the firewall community long ago. Bellovin and Cheswick warned against the 'hard crunchy shell with the soft chewy center' solution years ago in their 'Firewalls and Internet Security'.

The MLS viewpoint was designed for the traditional military categories of 'Secret', 'Top Secret' and 'Unclassified'. The hierarchy of a subject that contains multiple levels probably would not apply to commercial applications.

The concept of 'Multiple Single Levels' can be applied to a business model. Instead of 'Secret', 'Top Secret' and 'Unclassified', you could have 'R&D', 'Administration' and 'Marketing'. VPN channels can be established to their remote Single Level counterparts, with defence in depth DAC, I&A, Audit, and MAC (that's Mandatory Access Control, not to be confused with the E-mail term). High security levels would have physical and virtual isolation from networks allowed public internet access. A combination of physical network topology, plus 'Orange Book' Guards and Proxy Bastion Hosts would control cross level data transfer, and limit the amount of information exposed during a possible 'incident'.

With the current business environment for network security, I don't see 'Red Book' technology being accepted, but I can dream...

Personal Opinions Provided by
Leonard Miyata aka leonard () geminisecure com
Gemini Computers Inc.