In an earlier message, Les Carleton <les @
tracker .
demon .
co .
uk> asked:
>I've recently had customers coming up more and more with the "Secured
>operating system" question. That is ... what is the benefit of having a
>specially secured operating system on a machine which no one is going to be
>logging in to?
I'd like to expand the question a little bit. We've seen months of
discussion of the virtues of MLS (and TE) systems on the list. Obviously
there are plenty of people who believe that there are advantages to
using trusted systems to build firewalls.
I wonder, though, whether those advantages are significant enough
to warrant the extra effort required to come up to speed on trusted
systems. I can understand why people who already have trusted systems
experience (and products) think that they have a very fine hammer
for firewall building. I'm not sure though, that it is such a wonderful
hammer that we all need to throw away our current hammers and replace
them (at considerable expense).
I'd like to hear from people (without previous trusted systems experience)
who have decided to build firewalls on top of trusted systems...
Thanks,
Kevin
kml @
cssun .
mathcs .
emory .
edu
DISCLAIMER: It seems only fair to mention that I used to work for a
CMW vendor (although I won't make any claims to being a trusted systems
guru). The company was full of bright people, and made a solid
product. I just never really managed to convince myself that using
trusted systems was worth the trouble. Then again, I've been wrong
before...
Follow-Ups:
|
|
