Re: IP Tables and Packet filtering Linux 2.4

[Crispin Cowan <crispin () wirex com>]

Jose Nazario wrote:

> On Tue, 28 Aug 2001, adam wrote:
>
> > There is also info about Security Enhanced Linux (made by the National
> > Security Agency) .. how come i am mis trusting of this distro of
> > linux?
>
> a lot of people say that. jokes about "backdoor.h" and such. the code is
> freely available. you can't get more trustworthy than that, honestly.
>
> so far, the only major problems i have sen are minor bugs and one buffer
> overflow quickly found by the RAZOR guys i think, and i twas fixed the
> next day.
>
> anyhow, its worth looking at. or looking at HP's new secure OS software
> for Linux.

There is also Immunix (our product) which is a security-hardened Linux system
enhanced at a variety of levels:

   * StackGuard: to defend against buffer overflows
   * FormatGuard: to defend against printf format bugs
   * SubDomain: similar to the NSA's SELinux, but simplified to secure fixed
     purpose servers.  SELinux will be more flexible than SubDomain in a
     multi-user context, while SubDomain will be easier to manage on a fixed
     purpose box like a firewall or web server.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards