Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 30 Oct 1998 09:30:04 -0500 (EST)
On Fri, 30 Oct 1998, David Collier-Brown wrote:
Methinks the initial hurdle is too high, as measured in dollars. MAC, trusted path and some related work, applied to a non-trustable OS, might make a very nice kind of web server. In fact, if there was a credible standard and an implementation, it would make a good combined server and firewall.
It seems to me, and maybe the practicality aspects aren't something I've given enough thought to - but here's a chance to "raise the bar" on secure systems in an open environment. I think that for application servers, especially in a VPN world, per-service protection is very necessary. I also happen to think that as we evolve firewalls forward, this kind of thing scales nicely to proxing certificates, and producing real per-user, per-service trust models. Administration is still a nightmare, but with a free implementation we have a chance to play with that and hopefully get significantly interesting implementation ideas out.
Borrowing from the ``medieval city'' metaphor, the machine would serve as the gate, the public market inside the gate, and the gate in the inner marketplace wall. You still have to hire some spear-carriers to stand at the gate and catch theives, though.
Certainly, but you'd rather the gatekeepers had strong spears and a good portcullis than a hole in the wall and a stick. One of the things I haven't seen any comments on that I was hoping to see was some thoughts on the fact that here's an implementation that has none of the "evaluation baggage" people are always complaining about, and none of the pricetag or restrictions that typically come with such systems. Maybe it's just not interesting to INFOSEC people anymore to persue the model? If the freeware OS market stands even a 5% chance of raising the bar on system-level security enough that the payware OS' have to follow, it seems worth-while to me. VPNs, telecommuters, extranets, and all the other things we're being avalanched with necessitate per-service security policies instead of per-network ones, I see this as a probable avenue into that realm. There's enough code in the system now to do good things, and enough left to do to shape what can be done. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () clark net which may have no basis whatsoever in fact." PSB#9280
Current thread:
- Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? jcp01 (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? ark (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? ark (Nov 02)
- Re: Trusted Unices Aren't? David Collier-Brown (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? David Collier-Brown (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? jcp01 (Nov 02)
- Re: Trusted Unices Aren't? David Collier-Brown (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Sidebar on a historical security model David Collier-Brown (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? ark (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? Gordon Greene (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? dreamwvr (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)
- Re: Trusted Unices Aren't? Paul D. Robertson (Nov 02)
- Re: Trusted Unices Aren't? Rick Smith (Nov 02)