On Fri, 5 Aug 1994, Marcus J Ranum wrote:
> *MOST* operating systems have a superuser ID or privilege,
> except for ones like DOS that don't have it at all. *MOST* operating
> systems that have privileges have a setuid-like construct to permit
> trusted applications to cross boundaries.
Agree and this is what makes UNIX ultimately less suitable for a firewall
than something like DOS (actually BIOS & IN/OUT code written for the Intel/
ISA/EISA/VEISA/PCI bus).
1) Dedicated (single user/single tasking) systems have inherently less
overhead than multi-user multi-tasking systems.
2) Dedicated systems are less expensive (in many ways, not just $$$) than
multi-etc.
3) There is less to go wrong.
4) Dedicated assembly code is easier to write (C is not suitable for
"flight critical" operations).
Please understand that while I am rather opinionated on the subject, it
is the result of a *lot* of experience including design of the digital
flight controls for the AFTI F-16, F-16E, and what became the production
unit in the F-16C & D (also used in the F-111 and F-15/Lear Siegler).
Most of this experience was gained in the late seventies when we were trying
everything under the sun (major dissension was triple redundant/quad-redundant/
dissimilar backup in something that had to be dual-fail-operational, triple
fail safe and responsible for safety of flight). You develop a different
attitude when faced with "if you screw up, people die."
Of course back then, the computers I was using were the only ones of their
kind in the world. Today the PC is considered a "throwaway" yet is many
times more powerful than the Bendix 930 with 56k of 450ns UVPROMs that
was capable of terrain-following near-Mach "hard ride".
I can see the day soon when *every* subnet has filtering, not just for
security but also to reduce net traffic loading. DRAWBRIDGE and KARLBRIDGE
are the first I know of though a dual-NIC with intelligence in the
middle is an old idea, the big difference is that now we can do it for
under $1k, hardware included. (Much less when you consider that all of those
"obsolete" 386 class machines are eminently suitable - those with "better"
BIOSes can even be set so they will not mind if they have no display or
keyboard.)
Want logging and analysis? Don't think you need multitasking, just a second
PC; for $2k you can have a hot backup also that does logging when not needed
for filtering. Redundant arrays of inexpensive PCs (RAIPs) are cheaper than
one UNIX box. Given that, if you want to change the program, just take the
second off-line, load the change, put back on-line, and make a hot switch
(why do you think NASCAR cars and airplanes have dual switchable ignition
systems - two heads are better than one). Just takes a slightly different
way of thinking.
Warmly,
Padgett
Who cares about the lawyers, I own a Judge.