Security Basics mailing list archives

RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk

From: "Steven Jones" <Steven.Jones () vuw ac nz>
Date: Mon, 27 Feb 2006 09:51:44 +1300

The answer should be obvious,

Most people don't want security at any cost, otherwise most people would
not be running a MS OS.

The answer is a balance of cost, usability and security. The service has
to be affordable when looked at in TCO terms. Ie yes, risk of being
hacked has to be considered as part of business risk/impact on the life
cycle, but it is usully not the be all and end all.

Also add in getting applications to run well on an anally retentative
system can be hard work, the performance if lots of logging is done can
kill i/o....so often the hardware costs more....ie bigger disks or
better still a separate i/o channel for logging and 2 disks
minimum.......

So while there will be organisations that want these high levels of
security these are so few that the economics of specialist OSes is not
there....

Regards

Steven



-----Original Message-----
From: Craig Wright [mailto:cwright () bdosyd com au] 
Sent: Friday, 24 February 2006 12:56 p.m.
To: dave kleiman; security-basics () securityfocus com
Subject: Sun cans Trusted Solaris, was Why Easy To Use Software Is
Putting You At Risk




Hello,
Many people on the list have the idea that people want secure software
at any cost.


Sun have produced a very good product - Trusted solaris for a long time.
I would like people to answer me (if they can) why they have decided to
stop producing it. To explain why, if everyone wants secure by design
software they are not willing to pay the extra cost to obtain it and
thus why Sun is going to no longer support this OS.

Trusted Solaris has an EAL 4+ rating, supports MAC and RBAC and has a
verified architecture.

Instead Sun will add ECC (elliptice curve crypto) to the existing
versions of Solaris.

Flames welcome, please explain why more people are not implementing a
provably more secure system when it is available.

Regards
Craig S Wright

See:
http://www.infoworld.com/article/06/02/13/75309_HNendtrustedsolaris_1.ht
ml

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy. 


Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Craig Wright (Feb 24)
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Al Sutton (Feb 24)
- Re: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Robert Escue (Feb 27)
- <Possible follow-ups>
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Craig Wright (Feb 27)
- Re: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk b . hines (Feb 27)
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Steven Jones (Feb 27)
- Re: RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk jchambers (Feb 28)