> You can get that quality of documentation on our SNS, which is
> essentially an application layer gateway for e-mail. It costs about
> twice as much as a Sidewinder, which is not the cheapest firewall out
> there, either. Both cost less than $78,000 but more than a Sun with FWTK.
Does that cost include the time and effort required to configure the Sun
and fwtk and to administer them properly? It might be pretty close once
you factor all of that in.
> You just can't afford to do the same level of assurance and
> documentation on a commercial firewall as you do on something to
> protect classified information. Most people aren't that scared, even
> of the Internet.
I am really confused again. Once you have a test jig in place, what is
the real cost of running the same tests on the commercial version as the
mil-spec version? In fact, why not sell the mil-spec version as a
commercial product without the excessive documentation and secure
delivery requirements of the mil-spec firewall? What's the real cost of
copying the tested code to the commercial machine (which may not have
the TCB on it) What's the real cost of copying the TCB code over as
Are you saying that once you find a bug in the mil-spec version, you
don't also fix the same bug in the commercial code? Or are they just
completely different and independent developments?
\Management /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
\ /\/ | Check out info-security heaven and test your system
\/\ /\/ | for known vulnerabilities (1st time for free) at URL:
\/Analytics| (scans deeper than SATAN or ISS) http://all.net:8080
Read "Protection and Security on the Information Superhighway"
John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95