Firewalls: Re: IBM's NetSP Secured Network Gateway

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: IBM's NetSP Secured Network Gateway
From:	Frank Wortner <frank @ prodigy . com>
Date:	Mon, 9 Jan 1995 10:01:08 -0500 (EST)
To:	Adam Shostack <adam @ bwh . harvard . edu>
Cc:	Chris Brittain <xuthus @ dss . gov . au>, Firewalls @ greatcircle . com
In-reply-to:	<199501090531 . AAA17519 @ bwh . harvard . edu>

On Mon, 9 Jan 1995, Adam Shostack wrote (regarding NetSP):

> 	3.  Nothing like tripwire seems to be included.

Admittedly, it's not tripwire, but "normal" AIX does include a trusted
computing base audit program called tcbck.  It checks files against
attributes listed in /etc/security/sysck.cfg.  One advantage is that it
understands ACLs, which tripwire does not.  On the downside, the checksum
it uses is just plain "sum -r".   I believe that it is possible to 
use alternate checksum programs, but I haven't tried this.

The database is also available online in /etc/security, so it's subject to
the same vulnerabilities as an online tripwire database.  With either
program, it makes sense to store a copy of the database on a readonly
medium and verify against that copy. 

--
					Frank

References:

Re: IBM's NetSP Secured Network Gateway
From: Adam Shostack <adam @ bwh . harvard . edu>

Indexed By Date	Previous:	Undeliverable Mail From: "Server #7000007" <server_#7000007 @ po . gis . prc . com>
Indexed By Date	Next:	Re: IBM's NetSP Secured Network Gateway From: afx @ ibm . de (Andreas Siegert)
Indexed By Thread	Previous:	Re: IBM's NetSP Secured Network Gateway From: Adam Shostack <adam @ bwh . harvard . edu>
Indexed By Thread	Next:	Re: IBM's NetSP Secured Network Gateway From: afx @ ibm . de (Andreas Siegert)