Great Circle Associates Firewalls
(August 1995)
 


Subject: Re: Type enforcement ???
From: Rick Smith <smith @ sctc . com>
Date: Mon, 14 Aug 1995 17:53:59 -0500
To: firewalls @ greatcircle . com
Cc: smith @ sctc . com

David I Dalva <dave @ TIS . COM> wrote on type enforcement:

>Type enforcement gives you a firewall that is strongly resistant to attack on
>the machine *itself*. 

True.  On Sidewinder, we use this to provide familiar network software
and sophisticated proxies while controlling the risk inherent in
running complicated server software. Sidewinder is probably the only
firewall that runs sendmail because it's the only one that can run it
safely, despite its bottomless list of bugs. History has shown that
you can't predict where bugs will hit. With a nonbypassable access
control mechanism like type enforcement, there's still protection in
place even if the bug can't be patched immediately.

> The key here is that it does nothing for protecting
>your inside network beyond protecting the proxies from each other and the
>firewall's operating system from the proxies.  It's the proxies that give you
>a degree of internal network protection.  If they're good, you're protected
>from direct attack.  If they're not, type enforcement won't do anything for
>you.  (Consider a telnet proxy that uses reusable passwords for authentication
>from untrusted networks). 

On the other hand, if the proxy (written by someone as a concept
demonstration and then turned rapidly into a "product") has a flaw in
it, type enforcement restricts the amount of damage the flaw might
lead to. On a PC, the flaw might give "them" your machine and your
inside net, all in one step. On a Unix box they might have to break
root (how hard is that to prevent, eh?). Type enforcement can't be
turned off while the system is operational and they can't bypass it.

In any case, you have to look at ASSURANCE. What does the vendor do to
ensure the system works as stated? It's an important question to ask.

>If you're using a firewall that has well-written proxies that run with minimal
>privilege, don't perform disk I/O, and are easy to analyze at the source-code
>level, you're very well protected and type enforcement becomes a marketing
>bullet.

If the firewall doesn't do much, then it's not applying much
protection anyway. If you need a sophisticated firewall, the firewall
needs sophisticated protection.

Rick.
smith @ sctc . com     secure computing corporation

