smcc@pipeline.com (System Management Consulting Company) asks:
>I have a client considering a purchase of either - Harris CyberGuard or
>Secure Computing Sidewinder - They seem to be comparable products
>-Cyberguard says they feature B-1 and MLS while Sidewinder pushes Type
>Enforcement. Which is the better technology? Any help would be
>appreciated.
The following is my own point of view based on my knowledge of
Sidewinder. I'd really like to see a similar post from someone more
closely familiar with the Harris product.
MLS (Multilevel Security) is a mandatory protection mechanism required
to meet the Orange Book B or A level requirements. B1 is the lowest
Orange Book rating that supports MLS, A1 being the highest. The nice
thing about MLS (also about Type Enforcement) is that the mechanism is
explicitly built to fend off serious attacks against system security.
Both mechanisms "label" all programs and data within the system and
control access according to rules that are applied to all accesses and
that can't be changed during normal system operation.
We developed Sidewinder based on our experiences building LOCK, a
system designed to meet the more stringent A1 requirements. LOCK
contained both Type Enforcement and MLS protections. Sidewinder omits
the MLS protections and retains Type Enforcement.
Here are some things Type Enforcement lets us do that we couldn't
do as well with MLS protections:
1) Protect the integrity of firewall code. There's nothing in MLS
restrictions that prevents you from installing subverted software.
You can use MLS to write-protect some software and, if you're careful,
you can make it difficult to substitute subverted software for
application software. But it's not something the MLS concept is
explicitly designed to do.
2) Protect applications from one another. At its best MLS can protect
one network from another. Sidewinder associates separate protection
domains with separate TCP/IP ports. The connections associated with a
particular application go directly to that application. If an attacker
manages to overcome one application, Type Enforcement blocks any
attacks on other applications, even those serving the same network.
3) Fast intrusion detection. Type Enforcement protections are tailored
to the access requirements of the installed applications. An attack
can only progress if the applications are made to misbehave and to
access system resources in improper ways. These access violations
are immediately detected and can be configured to generate an immediate
alarm.
Basically, MLS is designed to protect confidentiality. Firewalls need
finer grained protection to maintain their integrity. MLS is better
than nothing. Type Enforcement, however, is really designed for the job.
Rick.
smith@sctc.com, Secure Computing Corporation
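The domain/type mechanism Rick describes, as an added worked example that is not code from Sidewinder, LOCK or Secure Computing. It models the three points in the post with a toy reference monitor: every subject runs in a domain, every object carries a type label, a fixed domain/type table decides each access, connections on a port are bound to one application domain, and every denied access is recorded as an alarm. The domain names, type names, port bindings and table entries are all invented for illustration.

```python
"""Toy Type Enforcement (TE) reference monitor, in the style the post describes.

Added illustration, not code from Sidewinder or LOCK. All domain names, type
names, port bindings and table entries below are constructed for the example.
"""
from dataclasses import dataclass, field
from types import MappingProxyType

READ, WRITE, EXEC = "r", "w", "x"

# Domain Definition Table: (subject domain, object type) -> permitted modes.
# Loaded once and wrapped read-only, so no subject can edit it at runtime
# (the "rules that can't be changed during normal system operation").
DDT = MappingProxyType({
    ("ftp_d",   "ftp_exec_t"):   frozenset({EXEC}),
    ("ftp_d",   "ftp_spool_t"):  frozenset({READ, WRITE}),
    ("ftp_d",   "ftp_log_t"):    frozenset({WRITE}),
    ("smtp_d",  "smtp_exec_t"):  frozenset({EXEC}),
    ("smtp_d",  "mail_spool_t"): frozenset({READ, WRITE}),
    ("smtp_d",  "smtp_log_t"):   frozenset({WRITE}),
    # Only the administrative domain may replace application binaries (point 1).
    ("admin_d", "ftp_exec_t"):   frozenset({READ, WRITE}),
    ("admin_d", "smtp_exec_t"):  frozenset({READ, WRITE}),
    # The policy itself is readable by admin and writable by nobody.
    ("admin_d", "ddt_t"):        frozenset({READ}),
})

# A connection arriving on a port is handed straight to that application's
# domain (point 2): there is no shared "network" domain to pivot through.
PORT_DOMAIN = MappingProxyType({21: "ftp_d", 25: "smtp_d"})


@dataclass
class Monitor:
    """Mediates every access and records each denial as an alarm (point 3)."""
    alarms: list = field(default_factory=list)

    def check(self, domain: str, obj_type: str, mode: str) -> bool:
        # Absent (domain, type) pairs default to no access at all.
        if mode in DDT.get((domain, obj_type), frozenset()):
            return True
        self.alarms.append(
            f"TE VIOLATION domain={domain} type={obj_type} mode={mode}")
        return False

    @staticmethod
    def domain_for_port(port: int) -> str:
        try:
            return PORT_DOMAIN[port]
        except KeyError:
            raise LookupError(f"no domain bound to port {port}") from None


def simulate_compromised_ftp(monitor: Monitor) -> dict:
    """Attacker has taken over the process serving port 21. What can it reach?"""
    d = monitor.domain_for_port(21)
    return {
        # Normal duty of the ftp domain: permitted, no alarm.
        "write_own_spool":    monitor.check(d, "ftp_spool_t", WRITE),
        # Install a subverted ftp binary: denied, alarm (integrity of firewall code).
        "replace_ftp_binary": monitor.check(d, "ftp_exec_t", WRITE),
        # Reach into the mail application's data: denied, alarm (app isolation).
        "read_mail_spool":    monitor.check(d, "mail_spool_t", READ),
        # Loosen the rules: denied, alarm (policy not writable by any domain).
        "rewrite_policy":     monitor.check(d, "ddt_t", WRITE),
    }


def policy_is_immutable() -> bool:
    """Even code holding a reference to the table cannot alter it."""
    try:
        DDT[("ftp_d", "mail_spool_t")] = frozenset({READ})  # type: ignore[index]
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    m = Monitor()
    for action, ok in simulate_compromised_ftp(m).items():
        print(f"{action:20s} {'allowed' if ok else 'DENIED'}")
    print("\n".join(m.alarms))
    print("policy immutable:", policy_is_immutable())
```

The point of the simulation is the shape of the outcome, not the particular names: a subverted ftp daemon keeps exactly the accesses its domain needs for its job, every step beyond that is refused by the table rather than by the application's own code, and each refusal is an alarm the operator sees at once. An MLS-only policy would have no label distinguishing the ftp binary from the ftp spool, or one application's data from another's on the same network, so it could not express the three denials above.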