Firewall Wizards mailing list archives

dedicated vs. ordinary unix workstations


From: "Perry E. Metzger" <perry () piermont com>
Date: 05 Oct 1998 12:05:10 -0400


A stripped Unix workstation is no worse than most average dedicated
"hardware". Why? Because "dedicated hardware" isn't. That is to say,
if it speaks a complicated network protocol (say, TCP/IP), most of the 
complexity on that box is in the software, not in the chips. Calling
it "dedicated hardware" is deceptive -- you are really talking about a 
box running a proprietary operating system, which is in all likelihood 
not particularly less complex or particularly better written than a
non-proprietary one.

Given this, the "stripped unix box" vs. "proprietary operating system" 
question looks very different from the way the question was originally 
framed.

Myself, I happily run high security applications (firewalls and such)
on stripped-down NetBSD boxes. Why? Well, for one thing, having the
kernel source, I can do stuff like make sure that source routes don't
work by stripping the code physically out of the kernel to prevent
accidents from ever occurring. If I find that I'm unhappy with the way
anything on the system works, I can fix it (and often have), and when
bugs are found, I can fix them quickly or get fixes for them.

A stripped down box -- one that is listening on few if any ports at
all, and is only listening with highly stripped down servers that are
easy to audit -- seems to be pretty solid in the sort of security it
can provide.

"Dedicated hardware", as I noted, in the end means a weird computer
running a proprietary operating system. I can't check if the thing
does the right thing with certain edge conditions I'm worried about
without treating it like a black box for testing. I can't fix bugs,
and I have to take the manufacturer's word on how the thing works.

I know some claims were made here earlier by some that no one ever
looked at the TIS FWTK code when they got it, but I sure did, and I
often altered the code to improve or tune the security of the
system. My experiences with that lead me to not want to go back to
having to trust the maker of the tools I am using. Maybe I'm an
oddity, but that's the way I am.

Anyway, in summary, I believe a properly stripped unix system can be
as secure or even more secure than a proprietary OS running on
proprietary hardware, when used in security critical work like
building a firewall.

Perry
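The "listening on few if any ports" test above is easy to turn into a routine check. The following is an added example, not code from the post or its author: it audits BSD-style `netstat -an` output against an explicit allowlist of ports and reports any listener that is not on it. The allowlist (only port 22) and the netstat lines are constructed for the example; the parsing assumes the BSD `address.port` or Linux `address:port` local-address format and the literal `LISTEN` state column.

```shell
#!/bin/sh
# Added example (not from the original post): audit a host's listening TCP
# sockets against an explicit allowlist, i.e. the "few if any ports" check.
# Input is BSD-style `netstat -an` output on stdin:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State

# Ports the stripped box is supposed to expose. Constructed policy for the example.
ALLOWED_PORTS="22"

# Print the local address of every listening TCP socket whose port is not allowed.
# Usage: netstat -an | unexpected_listeners
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # BSD netstat prints address.port (e.g. *.22); Linux prints address:port.
            # Strip everything up to the last separator to get the port number.
            addr = $4
            port = addr
            sub(/.*[.:]/, "", port)
            if (!(port in ok)) print addr
        }'
}

# Exit 0 when only allowed ports are listening, 1 otherwise (suitable for cron).
check_listeners() {
    extra=$(unexpected_listeners)
    if [ -n "$extra" ]; then
        printf 'unexpected listener(s):\n%s\n' "$extra" >&2
        return 1
    fi
    return 0
}

# Constructed netstat output: sshd is allowed, a local MTA and portmap are not,
# and the ESTABLISHED line is ignored because it is not a listener.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
tcp        0      0  192.0.2.10.22          198.51.100.7.51012     ESTABLISHED'

# Sample run against the constructed output (on a real box: netstat -an | unexpected_listeners).
printf '%s\n' "$SAMPLE" | unexpected_listeners
```

Run periodically, `check_listeners` gives a non-zero exit whenever a service appears that was not part of the deliberately stripped-down configuration, which is exactly the drift a minimal firewall host should be watched for.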


