Re: [firewall-wizards] Trusted OS...

[Magosanyi Arpad <mag () bunuel tii matav hu>]

A levelezőm azt hiszi, hogy Jean Caron a következőeket írta:
> On Mon, 6 Mar 2000, Magosanyi Arpad wrote:
>
> <snip, snip>
> > If you consider the NTCB modell of TCSEC, the picture gets to be a little
> > more fine. The main point is that you cannot guarantee the integrity of
> > the application (firewall proxies) if you don't have a TCB under it,
> > and the firewall proxies are integral part of the NTCB (anywhere between
> > 'M' and 'MIA' component). The little problem with this that no firewall 
> > (which I know about) have been specifically designed az an M component
> > of an NTCB. The other problem is that no network protocol I know of
> > is designed for transmitting the labels as well (though some of them
> > like smtp and http is able to do that.
>
> Ok, I understand TCB, It's precisely what I'm working with now and need to
> replace. NTCB confuses me a little, this is extending it to the
> network, is it ? Anyway, you do loose me when you talk about M and MIA
> components, what would those be ? I don't need to extend this to the
> network protocol itself. What I need is a solid firewall that can be rated
> as high as B2 level.

Read NCSC-TG-005. It describes how you can build a network security infrastructure
with an overall rating of say B2. 
You will learn that you need a NTCB (Networked Trusted Computing Base) element
which have some of the following functionalities:
        Mandatory Access Control ('M' component)
        Identification & Authentication ('A' component)
        Audit ('A' component)
And there is a 'D' component for discretionary access control, which I think does
not play much when we are talking about firewall functionality.
Jackie Soares have written that you need a "guard", and not a firewall
if you are thinking of the TCSEC modell of network security.
I rather think that a firewall and a guard is effectively the same thing,
but viewed from different perspectives, and with emphasis on different
subsets of the problem. What I think we will soon see is something what looks
like a firewall, and have labeled security.

I have took a look at the TPEP list and the following is what I have
found interesting:
-Gemini Trusted Network Processor on the GTNP hardware, which is a 
        multiprocessor x86. It's A1 M component.
-Cray Unicos running on the CRAY Y-MP architecture. It's B1 MDIA component.
-Harris CX/SX with LAN/SX on the Series 4000 Night Hawk, which is also looks 
        like a supercomputer. It's B1 MDIA component.
-Dragonfly Guard. It is EAL2 by CC its report basicly says that it is an MDIA.

The first one looks most similar to a firewall today by the sparse documentation
which is on the web. But it might also be only a multilevel packet switch.

The third and fourth are full unixen running on supercomputers.

The fourth is a real guard, in a somehow unique infrastructure.

I think that you can build a firewall using nearly any of them,
the question is the amount of work included.


-- 
GNU GPL: csak tiszta forrásból