Firewalls: Re: Anyone used Solaris Shield ? ASET ? How secure is SOCKS ? FWTK ?

Firewalls
(September 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Anyone used Solaris Shield ? ASET ? How secure is SOCKS ? FWTK ?
From:	"Christopher L. Werner" <cwerner @ fh . us . bosch . com>
Date:	Tue, 19 Sep 1995 09:28:49 -0400
To:	firewalls @ greatcircle . com

At 10:25 AM 9/19/95 +0100, Danny Cox wrote:
>Dear all,
>
>  I mentioned a little while ago, that management here is looking quite 
>keenly at commercial firewall products, although this isn't quite a given
>as yet, and I'm still somewhat at a loss, as to which one to go for, if
>this is what happens.  One thing occured to me, was that there are a 
>couple of standardish Sun tools which might help us.  Shield is one, and
>ASET (I think) is the other.  I believe ASET can be configured to act
>as a firewall - has anyone any experience of this ?  Also, is it a standard
>Solaris tool, which I've failed to discover yet, or is it an additional 
>bolt on (and pay extra for) tool ?
>
>  Does anyone use Shield on their firewall setups to enhance logging/accounting
>etc ?

Well, we purchased the ASET/Shield product several years ago - yes - it
costs money. I don't think the Shield product is available any more
*because* it never worked properly. Specifically, they had *alot* of
problems with the key mechanism - credentials - lots of users couldn't log
in at all the wrong times... :-(  If you have experience with NIS+ (which
has most of these problems fixed) you can kind of understand the
frustration. Something about being unable to find the server....

ASET is now bundled in with Solaris (since 2.3 I think). It is a good place
to start when tightening down the file permissions, but tiger/COPS does a
*much* more thorough job. ASET also *assumes* that certain packages are
installed when checking - and - it has no sense of year. What I mean is it
compares the creation date of a file with a database. After one year the
date on the file changes from month/day/time to month/day/year, to bad the
database doesn't, which means all kinds of alerts about files which
changed/didn't change. :-)

I will leave the others on this list to elaborate on fwtk and SOCKS.

--------------------------------------------------------------------
     Opinions expressed are mine and not those of my employer.
--------------------------------------------------------------------
Christopher L. Werner                Robert Bosch Corporation
System Engineer                      38000 Hills Tech Dr.
(810)553-1389                        Farmington Hills, MI 48331-3417

Indexed By Date	Previous:	Instant Network and security (correction) From: g . hulst @ clbn . nl (George Hulst)
Indexed By Date	Next:	Internet access guidelines From: "Kenneth W. Betcher" <kbetcher @ City . Winnipeg . MB . CA>
Indexed By Thread	Previous:	Instant Network and security (correction) From: g . hulst @ clbn . nl (George Hulst)
Indexed By Thread	Next:	Re: Anyone used Solaris Shield ? ASET ? How secure is SOCKS ? FWTK ? From: cwerner @ fh . us . bosch . com ("Christopher L. Werner")