> From: Bernd Eckenfels <lists @ lina . inka . de>
>
> Therefore my question:
>
> > > BTW: how does B2 Systems communicate and send the information about the
> > > Trust you (don't) put into a session? Is there a kind of Kerberos Token
> > > Parsing or Global User Token System?
> >
> > I don't quite understand the question. With what or whom is the B2 system
> > communicating to send the information about the trust ... ?
>
> In a Network with multiple B2 Systems, is it possible to share Trust
> information? i.e.:
>
>      secure   topsecure
> console----B2a-------B2b
>             |
> Modem-------+
>   unsecure
>
> If I sit on the console of B2a I'm allowed to access Data with Grade X, if
> I sit on Modem, I have Access to Data with Grade Z. If I now Log onto B2b how
> can the second B2 System deny access to Classified Data for the same User
> depending on the Port he/she connected to the first B2 System? I.e., has a
> sending B2 System a way to evaluate what the Part of the transmission with
> the least allowed classification is?

I can't speak for Jon and DG, but the Argus security modules can do that.
They label incoming packets based on host, interface, and user ID, and
that info gets passed through to all other hosts. Along the path, internal
routers and gateways can filter based on this information, and the dest.
host (if allowed to receive communication at that level) will limit the
user, or any process acting on his behalf, from operating outside of the
level that the very first gateway imposed. Thus a user connecting from
the console may have more capabilities than the same user coming in from
the internet.
paul
---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb @ argus-systems . com    Savoy, IL 61874  USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------
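
An added illustration of the labeling scheme described in the reply above, using the two-host topology from the question. It is not Argus code and not part of the original message; the level names, the port policy, the user name, and all function names are assumptions made for the sketch.

```python
from dataclasses import dataclass

# Constructed level names, ordered low to high (the thread only says "Grade X/Z").
LEVELS = {"unclassified": 0, "secret": 1, "topsecret": 2}
# Constructed policy on the first host (B2a): highest level each port may carry.
PORT_CEILING = {"console": "topsecret", "modem": "unclassified"}

@dataclass(frozen=True)          # frozen: later hops cannot rewrite the label
class Label:
    host: str
    interface: str
    user: str
    level: str

def label_at_ingress(host, interface, user, clearance):
    """First gateway: session level is the lower of user clearance and port ceiling."""
    ceiling = PORT_CEILING.get(interface, "unclassified")  # unknown port gets the floor
    level = min(clearance, ceiling, key=LEVELS.__getitem__)
    return Label(host, interface, user, level)

def gateway_forwards(label, link_floor, link_ceiling):
    """Internal router: pass traffic only if its level is allowed on the link."""
    return LEVELS[link_floor] <= LEVELS[label.level] <= LEVELS[link_ceiling]

def dest_allows_read(label, object_level):
    """Destination host (B2b): decide from the carried label, not the user's clearance."""
    return LEVELS[label.level] >= LEVELS[object_level]

def session_can_read(interface, object_level, user="alice", clearance="topsecret"):
    """Same user, same clearance; only the entry port on B2a differs."""
    label = label_at_ingress("B2a", interface, user, clearance)
    # Assumed: the B2a-B2b link carries every level; the filter is still applied.
    if not gateway_forwards(label, "unclassified", "topsecret"):
        return False
    return dest_allows_read(label, object_level)

if __name__ == "__main__":
    for port in ("console", "modem"):
        print(port, "-> read secret object on B2b:", session_can_read(port, "secret"))
```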