Great Circle Associates Firewalls
(September 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Secure version of Sendmail
From: Rick Smith <smith @ sctc . com>
Date: Thu, 14 Sep 1995 11:47:49 -0500 (CDT)
To: Peter da Silva <peter @ nmti . com>
Cc: smith @ sctc . com, firewalls @ greatcircle . com
In-reply-to: <9509141616 . AA24527 @ sonic . nmti . com . nmti . com> from "Peter da Silva" at Sep 14, 95 11:16:27 am 
> The point is that if you have a class B O/S you're more likely to skimp
> on the application level stuff. If you get both, that's great, but you
> usually only get one.

I've seen this happen, too.  This is why NCSC formal evaluation is too
often irrelevant. If a trusted system is performing a security
service, then the application software is often configured to
circumvent the standard security measures in some places. This is OK
if it's done right, and a huge problem if it's done wrong.

Security is a property of overall system behavior. It's bad news to
assume a platform can do it all for you, or that an application can do
it all. The best defense needs them to work together.

On the SNS Mail Guard the government evaluated the whole thing
including the networking and application software.

Rick.
smith @
 sctc .
 com        secure computing corporation
References:
Indexed By Date Previous: Firewall off Rod McBan DCLVI
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Next: Re: Firewall off Mortal Kombat XIV
From: Rick Smith <smith @ sctc . com>
Indexed By Thread Previous: Re: Secure version of Sendmail
From: peter @ nmti . com (Peter da Silva)
Next: Re: Secure version of Sendmail
From: mdr @ vodka . sse . att . com
Google
 
Search Internet Search www.greatcircle.com