Re: Hardening, (was Re: chroot useful?)

["Paul D. Robertson" <proberts () clark net>]

On Mon, 17 Nov 1997, Marcus J. Ranum wrote:

> I'm not convinced that hardening the O/S is worthwhile. If you are
> going to go that far, just do away with the O/S entirely and replace

That really depends on how 'hardened' the OS is, and what is intended to 
sit there.  For firewalls in general, 'hardening' the system is an easier win
than hardening the OS, and increases the level of assurance perceptably.  
Sometimes there is some value in that, but oftentimes there isn't enough 
significant stuff running on the bastion to warrant that level of 
protection, since you would expect the firewall code itself to be done well. 

On the other hand, I'm looking at the assurance level of TCB OS' for 
things like certain 'extranet' Web servers, where I perceive value in the 
higher level of assurance and more significant degree of 
compartmentalization available.  When the concept of superuser is gone, 
and the ability to grant ability is set in stone with strong audit or 
completely removed from the machine after configuration, I think there's 
great value.  It's more about data integrity and access than machine 
level services though IMO.  

> because you know it's either going to work, or lock up solid. It's
> all really a kind of nitpick point anyhow, since the most likely failure
> mode for the firewall is going to be user configuration errors
> or the incoming traffic problem.

Agreed.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280