Firewall Wizards mailing list archives
Re: [firewall-wizards] Trusted OS...
From: Magosanyi Arpad <mag () bunuel tii matav hu>
Date: Mon, 6 Mar 2000 08:30:07 +0100
A levelezőm azt hiszi, hogy Jean Caron a következőeket írta:
Hi folks, I'm working on a firewall replacement project, and I have basic questions for this list. Should I use a trusted OS or not ? And if so, which firewalls run on trusted OS (assuming trusted Solaris), not all do, do they ?
Having a trusted OS have little to do with the firewall functionality. Firewalls are substitues of real security on the defended nets, and they tend to have very few users, usually only with one level of trust (fully trusted). If you consider the NTCB modell of TCSEC, the picture gets to be a little more fine. The main point is that you cannot guarantee the integrity of the application (firewall proxies) if you don't have a TCB under it, and the firewall proxies are integral part of the NTCB (anywhere between 'M' and 'MIA' component). The little problem with this that no firewall (which I know about) have been specifically designed az an M component of an NTCB. The other problem is that no network protocol I know of is designed for transmitting the labels as well (though some of them like smtp and http is able to do that.
And then, I read about Titan. I believe this is a compilation of scripts used to harden an OS (again assuming Solaris). How good is that compared to a trusted OS ?
A hardened OS have nothing to do with a trusted one. The trusted os differs in design.
Any comments and/or suggestions will be much appreciated. Regards, Jean
-- GNU GPL: csak tiszta forrásból
Current thread:
- Trusted OS... Jean Caron (Mar 05)
- Re: [firewall-wizards] Trusted OS... Magosanyi Arpad (Mar 06)
- Re: [firewall-wizards] Trusted OS... Jean Caron (Mar 12)
- Re: [firewall-wizards] Trusted OS... Magosanyi Arpad (Mar 12)
- Re: Trusted OS... Bennett Todd (Mar 21)
- Re: [firewall-wizards] Trusted OS... Jean Caron (Mar 12)
- Re: [firewall-wizards] Trusted OS... Magosanyi Arpad (Mar 06)
- <Possible follow-ups>
- Re: Trusted OS... Valerie Anne Bubb (Mar 06)
- Re: Re: Trusted OS... Paul McNabb (Mar 23)
- Re: Re: Trusted OS... Marcus J. Ranum (Mar 28)
- Re: Re: Trusted OS... Ryan Russell (Mar 29)
- Re: Trusted OS... Bennett Todd (Mar 29)
- Re: Re: Trusted OS... Marcus J. Ranum (Mar 28)
- Re: Re: Trusted OS... Marcus J. Ranum (Mar 28)