Re: DARPA and the network

["Jay R. Ashworth" <jra () baylink com>]

On Tue, Sep 06, 2005 at 12:04:14PM +0100, Michael.Dillon () btradianz com wrote:
> > yes, it is. we can further dicuss that in private if you wish; however, 
> > claiming OpenBSD is just more vocal about security is just far off 
> > reality, and that had to be put in perspective.
>
> The real question is not whether other BSDs or
> other Unices are following OpenBSD's lead. I'd like
> to know how many embedded systems (routers and switches)
> are implementing similar "hardening" techniques.

Well, I sort of gather that the implication was "all the ones that are
embedding OpenBSD".  ;-)

> The Internet runs on embedded systems and although many have their
> roots in Unix, they don't seem to have adopted many of the security
> techniques that are used in C2 or CAPP certified systems.

Quite so.

> The details that Henning posted are useful to list members who are
> writing RFPs for new network gear. Even if vendors can't meet these
> requirements today, it is good to let them know that people seriously
> want secure operating systems on their routers and switches.

Ah yes, the most important requirement: informed, vocal users.  The
more you spend per year, the better.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Designer                +-Internetworking------+----------+           RFC 2100
Ashworth & Associates   |  Best Practices Wiki |          |            '87 e24
St Petersburg FL USA    http://bestpractices.wikicities.com    +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me