Firewalls: Re: Hardened OS

Firewalls
(October 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Hardened OS
From:	sgcccdc @ citec . qld . gov . au (Colin Campbell)
Date:	Mon, 30 Oct 95 9:27:37 EST
To:	mec @ itg . net (Matthew Cable)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<9510261122 . ZM28096 @ squiggy . itg . net>; from "Matthew Cable" at Oct 26, 95 11:22 am

My mailer thinks Matthew Cable said:
> 
> I'm in the process of developing and building my own homebrew firewall system,
> and am looking for some educated opinions.  If you were going to choose an OS
> to 'harden' to lay a firewall on, what would it be.  I'm currently leaning
> towards BSDI, but want others views on this.  The ideal solution would require
> little additional work to 'harden' and wouldn't cost an arm and a leg.
> 
Rule number 1 is get one with source :-).

My personal choice is as yours BSDI. I have used SunOS (no source), Solaris, (no 
source) and BSDI (full source).

On top of the ability to harden the OS with full source, BSDI has the rather
nice (IMHO) immuatbility flags. Makes the system a bitch to administer but
sure locks it up tight when you cannot write to anything.

Colin

Follow-Ups:

Re: Hardened OS
From: mdr @ vodka . sse . att . com

References:

Hardened OS
From: "Matthew Cable" <mec @ itg . net>

Indexed By Date	Previous:	Re: How protect against sniffers? From: Jeff Murphy <jcmurphy @ smurfland . cit . buffalo . edu>
Indexed By Date	Next:	Re: Writing Packet Filter rules. From: Carl Jolley <cjolley @ iac . net>
Indexed By Thread	Previous:	Re: Hardened OS From: "C Matthew Curtin" <cmcurtin @ gatekeeper . cb . att . com>
Indexed By Thread	Next:	Re: Hardened OS From: mdr @ vodka . sse . att . com