> Charles Watt <watt @
> >Actually, Rick, your analysis below does show a lack of
> >understanding in the capabilities of most MLS systems. Your
> >analysis assumes that the MAC labels enforced by such systems
> >are strictly hierarchical, e.g.:
> Excuse me, but I doubt you could do any of this without categories
> and/or compartments. I am surprised that you could infer their absence
> from that message. MLS couldn't come even close to competing with type
> enforcement if it lacked non-hierarchical labels.
> >Here your understanding of MLS networking breaks down. Read
> >the existing standards, such as RFC 1108 or the DoD's Common Security
> >Label spec.
> Naturally I've read various IPSO specs.
> Labeled IP is largely irrelevant to the firewalls marketplace today,
> and I suspect they will remain so for the next few years (perhaps an
> interesting topic for a different thread). We sell very, very little
> to sites that use labeled IP protocols. Most people need to
> interoperate with standard hosts operating without IPSO labels.
Rick, either everyone else on this list with experience in MLS
systems is incapable of explaining a point clearly, or you have an
amazing ability to ignore their points in your zeal to promote
the Sidewinder and Type Enforcement (TE). But then, you are
marketing, right? Reread my message. It had nothing to do with
labeled IP. It simply used the security features provided by a
typical MAC-enforcing protocol stack to duplicate the features of
a system based on TE. No labels for network data required.
Does this work? Of course. Our SecureWeb platform
(www.secureware.com/papers/secureweb/) makes use of MAC to create the
only platform truly secure enough for high value electronic commerce --
we have banks on the web today offering full-service accounts to their
customers through the SWP. And when we ran our own "challenge" at the
Retail Delivery Show in November (I take no responsibility for such
disgusting marketing drivel), we at least had the confidence to offer
a Trans Am convertible rather than a T-shirt to any successful attacker.
And we gave all participants direct root access to the system (in the
"outside" partition, of course).
> >Now I'm not an expert on Type Enforcement, but we do have a couple
> >of ex-SCC developers here. We've discussed the pros/cons of
> >TE vs. MLS at length for quite some time and have come to the conclusion
> >that ANYTHING that can be done with TE can also be done with MLS and
> >vice versa. Of course the architectures are different, and some
> >problems fit more naturally with one or the other approach. But the
> >capabilites are virtually identical, particularly when applied to
> >firewalls and similar separation problems.
> The bottom line is, of course, that both are forms of mandatory access
> control. We all agree on that point. (Hi, Barry).
> smith @
com secure computing corporation
Fine. You've got a nice system. Its use of TE-based MAC gives it some
definite competitive advantages over those systems that do not use MAC,
if integrated and administered properly. But TE provides no advantage
over a similar system based on MAC, such as the Harris firewall. There
you must compete based upon other features, such as better application
support or ease of administration.