I believe that the rainbow series serves its purpose by defining what a
'perfect' system would behave like. We must keep in mind that this
definition gives us a method to objectively (supposedly:) describe relative
strength of compared systems. A stake in the ground if you will.
Creeping Featurism is a fact of commercial computing. By knowing what a
'secure' system looks like we can maintain our objectivity and judge a
product by its capabilities as well as its liabilities.
BTW, I thought part of our business _was_ assurance. The assurance of
people, as well as cats...;-)
mark
At 08:38 AM 12/1/95, Warren Moore wrote:
>My mailer thinks mjr said:
>
>> There's no need to -- you already explained (more tersely than
>>I did) the problem with the orange book earlier on in your comments.
>>
>> It's not about features, it's about assurance.
>> Commercial computing is about features (represented as functionality)
>> Therefore orange book is irrelevant to commercial computing.
>>
>
>With apologies to Marcus' cats (and my own), Isn't this like saying
>
> ...Owning Cats...
>
> Isn't about petting, it's about mousing.
> Feeling good is about petting (represented as purrs)
> Therefore owning cats is irrelevant to feeling good?
>
>Not even considering that you might be up to your fanny in mice, neither
>Marcus' nor my logical construct is valid...because the initial premise is
>invalid on its face. A ne B, A eq C; D eq A; therefore A ne/or is irrelevant
>to C doesn't work unless A is *always* not equal to B, and A is *always* equal
>to C. Perhaps owning cats is irrelevant to feeling good, but it doesn't hurt.
>Actually, I partially agree with Marcus in that the Orange Book is *largely*
>irrelevant to commercial computing...but the last time I looked, *largely*
>doesn't mean *totally.* As a starting point, the rainbow series beats most
>things available to us. Of course, if confidentiality and assurance aren't
>part of the picture, why are we all wasting our time reading this list and
>selling security in one form or another?
>
>Warren S. Moore, CISSP
>Information Security Specialist
>Cincinnati Bell Information Systems Inc.
>
>
******************************************************************
Mark S. Kadrich, Managing Consultant, International Network Services
"The Power of Operable Networks"
Voice @ 415-254-4225, Page @ 1-800-514-0355
e-mail @ kadrich @ uni . ins . com
Information security is a process, not a solution.
******************************************************************