Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: Rick Smith <rick_smith () securecomputing com>
Date: Fri, 30 Oct 1998 11:00:40 -0600
At 09:02 AM 10/29/98 -0500, Paul D. Robertson wrote:
I've always been surprised that nobody has jumped on the "secure Web server" market, especially in the commerce environments. ....
Me, too. Here at SCC we stick our toe in every so often, but haven't made much of a splash. An early version of Sidewinder was offered in a form that supported the Netscape Commerce Server in a type enforced partition. The notion was that a successful penetration of the Commerce Server process would generate a TE violation and raise the alarm while similar behavior on an COTS OS would go unnoticed. We don't have any such offering at the moment. A couple of our former colleagues went to SecureWare in Atlanta. SecureWare implemented a secure online banking system on their CMW, complete with a 100% functional demo bank. They were very happy with the fact that the Comptroller of the Currency approved their implementation. The "demo" bank was such a success that it bought out one part of SecureWare and HP bought out the rest. HP's "Virtual Vault" is the result -- another attempt to commercialize secure servers. I don't know how successful they've been, but I heard discouraging rumors several months back. Every now and then I see other MLS or CMW vendors offering similar things at trade shows. I rarely see these things featured, and they don't appear to prosper as product lines. Marcus noted a while back that the big driver in e-commerce is the cost per transaction. It costs more to buy a high security platform and it costs more to implement an application atop one. So the higher security is only going to happen if the online application is significantly more profitable than existing processes *and* the perceived risk is high enough. Although we might like to talk about highly profitable raids on e-commerce operations, real world experience hasn't reached the level where people are really scared of it. Rick. smith () securecomputing com
Current thread:
- Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Sidebar on a historical security model David Collier-Brown (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? ark (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)
- Re: Trusted Unices Aren't? Paul McNabb (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)