Re: IP Tables and Packet filtering Linux 2.4

[Rick Smith at Secure Computing <rick_smith () securecomputing com>]

At 03:40 PM 8/28/2001, adam wrote:

> There is also info about Security Enhanced Linux (made by the National 
> Security Agency) .. how come i am mis trusting of this distro of linux?

Or, think about it from the NSA's point of view -- they couldn't get 
*anyone* to build them a custom OS with the types of protection they 
needed, but they *could* get a usable OS by adapting Linux to meet their 
needs.

We were involved in the SE Linux development here at SCC. It was a long 
process before they finally released the source, but it happened. The nice 
thing about SE Linux is that you can actually look over the code yourself 
to try to find the back doors. You won't find any, tho' of course nobody 
warrants it against the presence of bugs.

Nobody who's serious about security builds back doors into security 
devices, though of course it's prudent to worry about such things. Building 
strong security is a tough enough challenge by itself. Adding back doors 
only makes the system more fragile, since automated back doors work as well 
for adversaries as they work for those in-the-know.

Rick.
smith () securecomputing com          roseville, minnesota
"Authentication" coming in October http://www.visi.com/crypto/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards