Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Aleph One <aleph1 () dfw dfw net>
Date: Sun, 15 Feb 1998 19:59:38 -0600 (CST)
On Mon, 16 Feb 1998, Darren Reed wrote:
This raises the argument for using "secure" operating systems, which can potentially detect abnormal events in `sub-processes' which handle TCP, etc, and confine their ability to do damage.
Agreed. This is an area I sadly see no progress in. Last time I checked POSIX.1e (capabilities, ACLs, auditing, labels and MACs) was on its last ballot before being approved but they were also about to kill it since it's been on the workgroup for about 13 years (normally it only takes a few years to create and publish the standard). My guess is that POSIX.1e (aka POSIX.6) is dead. Nonetheless, I'd like to see OS and firewall vendors integrate these features into their products (particularly capabilities and MACs). Secure Computing is to be commended for using some of this (or similar) technology on their Sidewinder firewall. Harris as well for the CyberGuard firewall running in a B1 operating system. HP also has a secure web server product running under a secure version of HP-UX. Too bad that that version is completely different from CMW HP-UX which is developed by a different team. A waste of efforts if you ask me. Of course these products vary a lot on how well integrated they are and how much use they make of the features of the underlying secure OS but it is a trend I'd like to see on the rise.
Darren
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01