Firewall Wizards mailing list archives

Re: Nokia/Checkpoint firewall

From: "Josef Pojsl" <josef.pojsl () skynet cz>
Date: Mon, 7 Feb 2000 11:23:31 +0100


Jerald,

many thanks for your input. I was especially concerned about the version
of FreeBSD that is your product based on. I was not able to find
any reference about it on your web site - have I missed something?

To restate my position, it comes from my strong belief that open systems
are more secure. I did not mean to impeach anyone's competence personally.
Still, IMHO, fixes and enhancements given to public are likely to be
more secure. For any security fixes and/or enhancements made by Nokia,
I would expect one of the following to happen:

1) You send them to the FreeBSD team that will eventually create patches
   or, in the case of new features, (a) port(s). This is my favourite
   as the authors of the OS know their system better than anyone.

2) If you want to keep your changes private and base your business
   on them, you transparently explain what exactly has been changed
   or added and how (ideally, you would make the sources public,
   eventually still keeping your intelectual property).

With full respect to the skills and commitment of your team,
I can't fully trust general statements about higher
security of your product unless there is a chance to look at it in detail.

With regards,
Josef


On Fri, Feb 04, 2000 at 09:02:17PM -0800, Jerald Josephs wrote:

IPSO is based upon FreeBSD 2.2.6.
All known security issues in FreeBSD have been incorporated into IPSO
as we have become aware of them.

Whereas FreeBSD is an effort supported by contributions from many sources,
IPSO development is a concerted effort under the focused attention of a group
of engineers that include some who have been involved in UNIX development
since the beginning of UNIX.

I respect your concern, Josef, however, IPSO is MORE SECURE than any
implementation of FreeBSD that you can obtain.

You suggest that Nokia is not competent when it comes to OS development
because you assume that the Security Platforms are engineered by those who
are responsible for other Nokia products, such as mobile phones.  Perhaps you
don't recall that Nokia acquired Ipsilon Networks in 1997 and the IP in IP650
means Ipsilon. The Nokia Security Platform continues to be developed under
the direct supervision of the original core group that made up Ipsilon Networks.

I am one of them.

Sincerely,

--- Jerald Josephs

Current thread:

RE: Nokia/Checkpoint firewall, (continued)
- RE: Nokia/Checkpoint firewall Yin To Chu (Feb 02)
  - Lost DH-key Joe Ippolito (Feb 02)
    - Re: Lost DH-key Sean Costello (Feb 04)
  - Re: Nokia/Checkpoint firewall Joe Ippolito (Feb 02)
    - Re: Nokia/Checkpoint firewall Roelof JT Jonkman (Feb 03)
    - RE: Nokia/Checkpoint firewall Mike Hartnett (Feb 06)
    - Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 06)
  - Re: Nokia/Checkpoint firewall Josef Pojsl (Feb 03)
    - RE: Nokia/Checkpoint firewall Yin To Chu (Feb 03)
    - Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 06)
    - Re: Nokia/Checkpoint firewall Josef Pojsl (Feb 07)
    - Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 10)
- Re: Nokia/Checkpoint firewall dwelch (Feb 04)
- RE: Nokia/Checkpoint firewall dwelch (Feb 04)
- RE: Nokia/Checkpoint firewall Starkey, Kyle (Feb 10)