Firewall Wizards mailing list archives
Re: chroot useful?
From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Tue, 18 Nov 1997 11:59:45 -0500
In message <3.0.3.32.19971117060134.006d3c48 () fw itm-inst com>, Rick Murphy writes:
I only know the details of a couple of firewall products well enough to say that the "hardened OS" really isn't - are there any products that actually dip down into the kernel and make changes to the overall environment to make the system less vulnerable to attack?
Since you asked: For BorderWare, I'll point you to <http://www.securecomputing.com/bw50tech.pdf>, page 41-42, which describes some of the details of the BFS hardened OS. Obviously this is a 'gentle' overview, but it summarizes the important changes. Sidewinder ships on a Type Enforced OS; <http://www.securecomputing.com/SWFwhitepaper.pdf> page 8-13 contains a description of TE and the rationale for using it on a Firewall. I'm wary of being mis-interpreted as advertising here. So, if there is interest, I can write a longer message describing the BFS and Sidewinder environments in a bit more detail (from a purely technical POV, of course). Send me e-mail. -- Harald Koch <chk () utcc utoronto ca>
Current thread:
- Re: chroot useful?, (continued)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Steven M. Bellovin (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Rick Murphy (Nov 17)
- Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 20)
- Re: Hardening, (was Re: chroot useful?) Paul D. Robertson (Nov 21)
- Re: chroot useful? C. Harald Koch (Nov 20)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Wolfgang Ley (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Aleph One (Nov 17)
- syscall wrappers (was Re: chroot useful?) Bennett Todd (Nov 17)
- Re: syscall wrappers (was Re: chroot useful?) George Ross (Nov 20)
- Re: chroot useful? Darren Reed (Nov 20)
- Firewalling DCOM and brethren David C Niemi (Nov 21)