Firewall Wizards mailing list archives
Re: IP Tables and Packet filtering Linux 2.4
From: Rick Smith at Secure Computing <rick_smith () securecomputing com>
Date: Thu, 30 Aug 2001 09:53:39 -0500
At 03:40 PM 8/28/2001, adam wrote:
There is also info about Security Enhanced Linux (made by the National Security Agency) .. how come i am mis trusting of this distro of linux?
Or, think about it from the NSA's point of view -- they couldn't get *anyone* to build them a custom OS with the types of protection they needed, but they *could* get a usable OS by adapting Linux to meet their needs.
We were involved in the SE Linux development here at SCC. It was a long process before they finally released the source, but it happened. The nice thing about SE Linux is that you can actually look over the code yourself to try to find the back doors. You won't find any, tho' of course nobody warrants it against the presence of bugs.
Nobody who's serious about security builds back doors into security devices, though of course it's prudent to worry about such things. Building strong security is a tough enough challenge by itself. Adding back doors only makes the system more fragile, since automated back doors work as well for adversaries as they work for those in-the-know.
Rick. smith () securecomputing com roseville, minnesota "Authentication" coming in October http://www.visi.com/crypto/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- IP Tables and Packet filtering Linux 2.4 adam (Aug 29)
- Re: IP Tables and Packet filtering Linux 2.4 Jose Nazario (Aug 31)
- Re: IP Tables and Packet filtering Linux 2.4 Rick Smith at Secure Computing (Aug 31)
- Re: IP Tables and Packet filtering Linux 2.4 beldridg (Aug 31)