Firewall Wizards
mailing list archives
Re: chroot useful?
From: Anton J Aylward <anton () toronto com>
Date: Mon, 17 Nov 1997 06:52:54 -0500
At 11:38 AM 17/11/97 +1100, Darren Reed wrote:
## Reply Start ##
In some mail I received from Anton J Aylward, sie wrote
At 07:12 PM 16/11/97 +1100, Darren Reed wrote:
## Reply Start ##
[...mjr's email deleted...]
So, how many firewalls out there implemented with any of the common
operating systems (be they free or commercial) actually do this ?
Why not ask them. Many claim to run "hardened" versions of
BSD or LINUX. Vulnerabilities and exploits are well publicized,
and many of the developers read these lists. I doubt many
are going to be so arrogant as to take a NIH approach to something
Marcus has contributed to the state of the technology ;-)
Well, the majority of the firewall market doesn't run on a "hardened"
version of the OS because that's not what FW-1 uses.
Interesting logic and interesting way of expressing it.
I've just thumbed thru some literature in my filing cabinet,
such as it is, and yes, the first vendor I looked at, BorderWare,
claims to use a hardened kernel.
We can throw this back and forward like a shuttlecock, "A does",
"B doesn't" ..... but it's like a mathematical proof. That ONE
does means that one or more HAS made kernel changes.
Now actually Borderware has a user interface that hides the OS
from the end user very effectively - too effectively I've heard
some people say. The users don't have to know how to hack the
kernel. It applied when I first used UNIX back in '78 (when I
was on the way to becoming a kernel maintenance programmer) and
it applies today.
/anton
## Reply End ##
--------------------------------------------------------------------------
Anton J Aylward | "Quality refers to the extent to which
The Strahn & Strachan Group Inc | processes, products, services, and
Information Security Consultants | relationships are free from defects,
Voice: (416) 421-8182 | constraints and items which do not add
Fax: (416) 421-8183 | value." - Dr. Mildred G Pryor, 1995