Firewall Wizards mailing list archives

Re: Important Comments re: INtrusion Detection


From: Aleph One <aleph1 () dfw dfw net>
Date: Sun, 15 Feb 1998 19:59:38 -0600 (CST)

On Mon, 16 Feb 1998, Darren Reed wrote:

> This raises the argument for using "secure" operating systems, which can
> potentially detect abnormal events in `sub-processes' which handle TCP,
> etc, and confine their ability to do damage.

Agreed. This is an area I sadly see no progress in. Last time I checked
POSIX.1e (capabilities, ACLs, auditing, labels and MACs) was on its last
ballot before being approved but they were also about to kill it since
it's been on the workgroup for about 13 years (normally it only takes a
few years to create and publish the standard). My guess is that POSIX.1e
(aka POSIX.6) is dead.

Nonetheless, I'd like to see OS and firewall vendors integrate these
features into their products (particularly capabilities and MACs). Secure
Computing is to be commended for using some of this (or similar)
technology on their Sidewinder firewall. Harris as well for the
CyberGuard firewall running in a B1 operating system. HP also has a secure
web server product running under a secure version of HP-UX. Too bad that
that version is completely different from CMW HP-UX which is developed by
a different team. A waste of efforts if you ask me. Of course these
products vary a lot on how well integrated they are and how much use
they make of the features of the underlying secure OS but it is a trend
I'd like to see on the rise.

> Darren


Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 


