At 09:40 1/12/95 -0600, peter @
com (Peter da Silva) wrote:
>> It's not about features, it's about assurance.
>> Commercial computing is about features (represented as functionality)
>> Therefore orange book is irrelevant to commercial computing.
>I have to say Marcus makes a good case. If assurance meant anything in the
>commercial world MS-DOS would have been sidelined by 1984.
Feature selling - aka Bullet List selling (him what has the longest bullet list
wins the sale) has come to dominate commercial computing.
This is adequately demonstrated when the winning list beats out the competition
with 'features' which are irelevant to the task being performed.
(Is there a Dilbert cartton lurking there?)
Features have no place in a firewall. Actually, they have no place in
any product, if you subscribe to the old maxim "Its not a bug its a feature".
Every additional feature is an opportunity for something to go wrong.
For example, supose this whizz-bang firewall had SO MUCH POWER
that it was a waste to use it just a filter mechanism. Lets implement
a FTP server, and a WWW server on it as well. Whose? Well, the
vendor's version of course. (E.g. is a HP T500 platform with HP/UX V9.
See late CERT advisory for details.) Oh, and as FTP isn't suited to
everyone's taste, lets allow the files which are FTP'able to be NFS
mountable as well. And of course we have an X-Windows based
configuration tool running on this platform as well.
Hey, look at all we've added to the Feature List!
I'm not disparaging HP here, its just I have a copy of that last advisory
to hand and a client has a whole slew of T500s so I know how powerful
they are. But it illustrates the point.
As I've said before, as others before me have said, and we will all continue
to say.... The more code you write, the more chance something can go wrong.
The ONLY long term repeatedly proven metric of BUGS is the volume of code.
A stripped kernel with the bare essential of application code is what's needed
for a firewall, NOT a general purpose computing platform.
[If enough people ask, I'll write up what's wroing with the way CHROOT() is
implemented and how it should be done in a hardened kernal. Its simple
and obvious once you see it.]
But that's not why the Orange Book is irrelvant to commercial comptuing in
Or not completely so.
My list would begin with...
We're no longer running as terminals connected to a single isolated
The military ideas of "need to know", "heirarchy" and cells don't
apply in business.
Can someone suggest more reasons our current rainbow approach is inapplicable?
Anton J Aylward
The Strahn and Strachan Group Inc
Information Security Consultants
Voice: (416) 494-8661 Fax: (416) 494-8803