Re: Leader in firewall product

[Magosányi Árpád <mag () bunuel tii matav hu>]

A levelezőm azt hiszi, hogy Rick Murphy a következőeket írta:
> At 10:27 AM 9/18/2000 +0200, =?iso-8859-2?Q?Magos=E1nyi_=C1rp=E1d?= wrote:
> > > > -Borderware
> > Borderware is just a hardened Gauntlet running on a hardened BSD.
> > (Okay, maybe it isnt gauntlet, but the feeling is the same).
> > It has an ST which claims it to be EAL4, but I cannot imagine
> > how could that ST got evaluated (not big issues, but I had
> > some formal problems with it). It seems really a secure one
> > for the old-type internet firewall usage, I say it from
> > experience. But do not hit it with big traffic.
>
> Gauntlet was ITSEC evaluated at E3, which is roughly equivalent to EAL4.

A NAI employee just wrote personally that Gauntlet unix is certified
in EAL1, and they plan EAL2 and EAL4.  
If you consider that even the low risk firewall PPs are EAL2, they
really have some work ahead.
It is about EAL. The other dimension is the security functionality.
I am primarily interested in mandatory access control and
covert channel limitation features.

(But I still think that Gauntlet is a decent firewall. A friend just
yesterday told me that he was configuring one of those SPF routers
and now he really sees the difference. [he has some 3 years experience
with Gauntlet, we did some tricks with it what you were never dream of])




-- 
GNU GPL: csak tiszta forrásból

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards