Great Circle Associates Firewalls
(December 1995)

Subject: Re: FW: A1 Systems?
From: Rick Smith <smith @ sctc . com>
Date: Fri, 1 Dec 1995 12:33:09 -0600
To: firewalls @ greatcircle . com
Cc: smith @ sctc . com, leonard @ geminisecure . com

Leonard Miyata <leonard @ geminisecure . com> writes:

>We're trying to show the world there is a use (and a need) for
>multi-level secure trusted technology in the commercial world.

It's about time you got here. Some time last year (I was probably
arguing about covert channels with Padgett) I noted that the really
neat thing about the firewalls world is that *finally* commercial
sites need to enforce a mandatory data security boundary with a
computing system.

Now we just need to convince a few recalcitrant experts about the
importance of high assurance techniques.

>Now other companies have developed and fielded trusted boxes, but
>they're not using them for firewalls applications. Since there is a need
>for high security network access, the question that has to be asked is
>"WHY ?"

We don't put conventional Orange Book labels in Sidewinder because
they enforce the wrong security policy. In fact, those lovely
hierarchical labels that "trusted products" have spent so much effort
on just don't work for firewalls. We ran into that really quickly on
the SNS Mail Guard, which can *not* transfer data blindly in *either*
direction.  Of course, it won't let the Unclass guy read the Secret
mail until it's examined and released. But it goes the other way, too.
Just because the Secret guy is authorized to read Unclass data doesn't
mean he gets direct access to it. The Unclass mail has to be examined
and released, too. Thus, you *can't* just blindly throw software on a
trusted platform and have a secure firewall.

You *can* build a good firewall on a "trusted" platform, but it takes
care and sophistication. Naturally, I think it's easier and more
reliable to do with Type Enforcement since TE gives you a finer
degree of control over accesses.

Rick.
smith @ sctc . com         secure computing corporation
