Firewall Wizards mailing list archives

Re: [firewall-wizards] Trusted OS...


From: Magosanyi Arpad <mag () bunuel tii matav hu>
Date: Mon, 6 Mar 2000 08:30:07 +0100

My mailer thinks that Jean Caron wrote the following:

Hi folks,

I'm working on a firewall replacement project, and I have basic questions
for this list. Should I use a trusted OS or not? And if so, which
firewalls run on trusted OS (assuming trusted Solaris), not all do, do
they?

Having a trusted OS has little to do with the firewall functionality.
Firewalls are substitutes for real security on the defended nets, and they
tend to have very few users, usually only with one level of trust (fully
trusted).
If you consider the NTCB model of TCSEC, the picture gets to be a little
more fine. The main point is that you cannot guarantee the integrity of
the application (firewall proxies) if you don't have a TCB under it,
and the firewall proxies are an integral part of the NTCB (anywhere between
'M' and 'MIA' component). The little problem with this is that no firewall
(which I know about) has been specifically designed as an M component
of an NTCB. The other problem is that no network protocol I know of
is designed for transmitting the labels as well (though some of them
like SMTP and HTTP are able to do that).


And then, I read about Titan. I believe this is a compilation of scripts
used to harden an OS (again assuming Solaris). How good is that compared
to a trusted OS?

A hardened OS has nothing to do with a trusted one. The trusted OS differs in
design.


Any comments and/or suggestions will be much appreciated.

Regards,
Jean



-- 
GNU GPL: only from a pure source


