Firewall Wizards mailing list archives
Re: Nokia/Checkpoint firewall
From: Jerald Josephs <jerald.josephs () iprg nokia com>
Date: Tue, 08 Feb 2000 01:37:01 -0800
Josef Pojsl wrote:
Jerald, many thanks for your input. I was especially concerned about the version of FreeBSD that is your product based on. I was not able to find any reference about it on your web site - have I missed something?
I don't believe that it is posted on our web site. That was my contribution from within.
To restate my position, it comes from my strong belief that open systems are more secure. I did not mean to impeach anyone's competence personally. Still, IMHO, fixes and enhancements given to public are likely to be more secure. For any security fixes and/or enhancements made by Nokia, I would expect one of the following to happen: 1) You send them to the FreeBSD team that will eventually create patches or, in the case of new features, (a) port(s). This is my favourite as the authors of the OS know their system better than anyone.
It is possible that the FreeBSD team might be able to integrate the changes that we make to IPSO, but I sincerely doubt it. The core of IPSO's TCP/IP deviates from the FreeBSD code base since 2.2.6. IPSO is an operating that is different from FreeBSD as much as SunOS is.
2) If you want to keep your changes private and base your business on them, you transparently explain what exactly has been changed or added and how (ideally, you would make the sources public, eventually still keeping your intelectual property).
Not a bad suggestion, but certainly one that would be made by others within the organization. :-)
With full respect to the skills and commitment of your team, I can't fully trust general statements about higher security of your product unless there is a chance to look at it in detail.
That makes sense to me. Perhaps I would have been wiser to state that IPSO is a hardened operating system that could be compared to what you would have if you installed the Solaris Core + enough packages, in order to run ASET and BSM, preparing the system to be a firewall. I would like to refer to this as a hardened OS. This, and the known FreeBSD TCP/IP security holes that have been plugged up, are the two things that I was thinking of when I made my statement that IPSO is more secure than FreeBSD. Cheers, Jerald
With regards, Josef On Fri, Feb 04, 2000 at 09:02:17PM -0800, Jerald Josephs wrote:IPSO is based upon FreeBSD 2.2.6. All known security issues in FreeBSD have been incorporated into IPSO as we have become aware of them. Whereas FreeBSD is an effort supported by contributions from many sources, IPSO development is a concerted effort under the focused attention of a group of engineers that include some who have been involved in UNIX development since the beginning of UNIX. I respect your concern, Josef, however, IPSO is MORE SECURE than any implementation of FreeBSD that you can obtain. You suggest that Nokia is not competent when it comes to OS development because you assume that the Security Platforms are engineered by those who are responsible for other Nokia products, such as mobile phones. Perhaps you don't recall that Nokia acquired Ipsilon Networks in 1997 and the IP in IP650 means Ipsilon. The Nokia Security Platform continues to be developed under the direct supervision of the original core group that made up Ipsilon Networks. I am one of them. Sincerely, --- Jerald Josephs
-- Jerald.Josephs () iprg nokia com (650) 625-2175 (office) Manager Proactive Services Nokia IP Routing Group http://www.iprg.nokia.com Customer Support (888)477-9824 or (650)625-2525
Attachment:
jerald.josephs.vcf
Description: Card for Jerald Josephs
Current thread:
- Lost DH-key, (continued)
- Lost DH-key Joe Ippolito (Feb 02)
- Re: Lost DH-key Sean Costello (Feb 04)
- Re: Nokia/Checkpoint firewall Joe Ippolito (Feb 02)
- Re: Nokia/Checkpoint firewall Roelof JT Jonkman (Feb 03)
- RE: Nokia/Checkpoint firewall Mike Hartnett (Feb 06)
- Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 06)
- Lost DH-key Joe Ippolito (Feb 02)
- Re: Nokia/Checkpoint firewall Josef Pojsl (Feb 03)
- RE: Nokia/Checkpoint firewall Yin To Chu (Feb 03)
- Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 06)
- Re: Nokia/Checkpoint firewall Josef Pojsl (Feb 07)
- Re: Nokia/Checkpoint firewall Jerald Josephs (Feb 10)