> For the record I am an ex-Unisys employee and I am not disgruntled. I
> do have considerable experience with CTOS and networking between UNIX,
> PCs and CTOS using Unisys & Sun hardware @Unisys.

Join the club, then. I've got similar experience, and feel very comfortable
talking about CTOS and its integration into IP/etc. networks: security-conscious
networks, with full Internet and X.25 network access.

> I have to concur with Rodger that CTOS does provide several features
> that do make it worth considering within a firewall strategy. This is
> especially true when you consider the way that CTOS services are
> implemented. For instance, you can receive and distribute SMTP mail
> quite effectively without all the well-known holes in sendmail.

Depending on how you define "worth considering" I either agree or disagree.
Given that running smap (from the TIS Toolkit) also achieves the same
result for sendmail -- and allows me to run several IP based MTAs, and to
take advantage of the most recent and capable "sendmail" out -- one can
achieve the same result without buying a new operating system.

Please note carefully what I'm saying: If you've already got CTOS, then
by all means consider ways to use it. It will work a little bit, within
certain very well-defined boundaries. It is not currently as flexible as
a Unix box of the popular flavors (SunOS, BSDI, Ultrix) in the role of a
firewall bastion. Period. If you do not have CTOS in house, I do not
believe that you would be better off if you went out and bought it.

If I want to run application or circuit gateways, I'm hosed if I have
a CTOS firewall--unless I want to port them myself. Telnet proxy? Yes--
outbound. FTP? Yes. Web proxy? Good luck. DNS/BIND? NNTP? Good luck.
Gopher? Archie? Unless things have changed in the past year, good luck.

I'm not so sure you can state with certainty that CTOS SMTP implementations
are security-bug free. A couple of years ago, I was dealing with the
Unisys software engineer who was writing the TCP/IP and SMTP code; I had
to explain to him how his code worked (which I derived by kicking it into
full debug mode and logging the OS calls and parameters). The quality of
code coming out of the CTOS side of Unisys has been spotty. Ask the USCG
(almost anyone but Rodger, that is ;).

> Most of the "standard" services implemented on CTOS are implemented in
> very non-standard ways. These implementation differences result from
> the _very_ different operating system architectures.

Hence my stated distaste for misrepresenting CTOS as a Unisys flavor of Unix.

> Though widely available in several industries, the platform is not well
> known and even less understood by the general public. Assuming that
> services without well-known security holes can help slow down intruders,
> this may well be a plus for use within a firewall. I'm absolutely
> certain that different security holes exist, but finding them and
> taking advantage of them is not going to be as easy, especially when you
> consider that CTOS is not available anywhere for free, or near free,
> like the DOS & Windows combination.

I understand what you're saying, but I take absolutely no comfort, personally,
in security by obscurity. Marcus Ranum (Peace be Upon Him ;) calls this an
arms race situation, and I've never heard it put better.

In fact, it's worse than an arms race: if someone finds and exploits a bug
in a CTOS service, you have no recourse. With Unix, at least I can go grab
some code and modify the damned service to do what I want.

So, CTOS buys us some time before the inevitable security bugs come to
light. Then we have to wait for the vendor to fix them, since it's not
an open system with source code available at UU.NET. This is not a good
situation to recommend to a site I care about.

> I'm not trying to evangelize CTOS, primarily because it doesn't feed my
> children anymore. But, for those that have access to this platform
> (and there are more of them out there than you think) it can be a
> viable solution.

Granted: there's a way to eke out a degree of functionality and security
from it, if you already have it and your security model fits what CTOS can do.
This is true about many platforms, however (e.g., VMS), and one would think
that such an obvious statement wouldn't require the hundreds of lines that
have already been written about it on this list with respect to CTOS.
(Not by you.)

Richard