Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 29 Oct 1998 09:02:58 -0500 (EST)
On Fri, 23 Oct 1998, Rick Smith wrote: (Hi Rick!)
I was mildly surprised that TIS never used it to field some sort of firewall in the mid '90s. (cue to Marcus for Orange Book flame :-> ).
I've always been surprised that nobody has jumped on the "secure Web server" market, especially in the commerce environments. Anyway, just in case anyone's interested in looking at some OS features that start to approach the alphabet soup model, an interesting project (Ruleset Based Access Control) in that regard is at: http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac/ Compartments aren't there yet, but there's a surprising ammount of work that's been done (and a lot left to be done). I'm looking at implementing selected infrastructure services with it once it stabalizes, including DNS in my firewall environment. It's a Linux implementation for those who are allergic to such. It comes with full source code and reasonable documentation. I happen to think that having serious per-service protection for both firewall components and general OS' are a good thing. YPMV. Summary of what's covered in RSBAC (lifted from above Web page): ===================================================================== MAC Bell-LaPadula Mandatory Access Control (compartements not yet implemented) CWI Clark-Wilson-Integrity (only basics implemented) FC Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators. SIM Security Information Modification. Only security administrators are allowed to modify data labeled as security information. PM Privacy Model. Simone Fischer-H|bner's Privacy Model in its first implementation. See our paper on PM implementation for the NISS 98 Conference MS Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull of others are detected. ===================================================================== There's supposed to be a new list for the project, but I've had trouble resolving the hostname I was given. Interested parties should follow the mailto: link(s) on the above page. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () clark net which may have no basis whatsoever in fact." PSB#9280
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)