> Date: Thu, 5 Sep 1996 20:19:41 -0400 (EDT)
> From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
>
> On Thu, 5 Sep 1996, Jon Spencer wrote:
>
> > > Of course C2 security is better than no security, but C2 was never
> >
> > Welll ....... it is if you understand its limitations. Otherwise ...
> >
>
> WTH does C2 security have to do with a system that should not have any
> user accounts on it, no user access to it?

Well, let's see.

1) You could have the activity of the daemons and other processes
audited in case of a problem. This could be very useful when trying
to track a problem or security hole.

2) The object reuse requirements would make it less likely that a
daemon or other process could be tricked into sending info from a
previous network request.

3) The TCB protections will make it less likely that bugs and holes
in programs can circumvent or damage the system operation.

4) Daemons could be run in a mode that doesn't have access to any
file or other resource on the system (e.g., on UNIX, run a daemon
as user "noroot").

5) The overall functioning of the system would be analyzed and you
could feel better about its reliability and security (although at
C2 this is somewhat weak).

C2 (and all other trusted systems) provides security enhancements
in ways that are useful even when no user is on the system. Add to
that the assurances that come from well-designed and well-reviewed code,
and trusted systems make a lot of sense in a lot of instances. There
is a lot of smoke in the air about trusted products, and a lot of
misconceptions and misleading statements by both sides (those who
claim supernatural protection by trusted systems and those who claim
it's all a crock).

But you are correct in part. As stated in various places in the Rainbow
Series, there are places where a trusted system will add no appreciable
benefit to an operation. You could build a firewall machine in such a
way to eliminate the need for a trusted operating system, but I think
you would probably want to take your hardware and configuration through
an evaluation and get a rating -- something easy like C2, or, for real
assurance, B2 or B3.

paul
------------------------------------------------------------
Paul McNabb mcnabb @ argus . cu-online . com
Argus Systems Group, Inc. TEL 217-384-6300
1405A East Florida Avenue FAX 217-384-6404
Urbana, IL 61801 USA
------------------------------------------------------------