|
Firewall Wizards
mailing list archives
Re: chroot useful?
From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Tue, 18 Nov 1997 11:59:45 -0500
In message <3.0.3.32.19971117060134.006d3c48 () fw itm-inst com>, Rick Murphy writes:
I only know the details of a couple of firewall products well enough to
say that the "hardened OS" really isn't - are there any products that
actually dip down into the kernel and make changes to the overall
environment to make the system less vulnerable to attack?
Since you asked:
For BorderWare, I'll point you to
<http://www.securecomputing.com/bw50tech.pdf>, page 41-42, which describes
some of the details of the BFS hardened OS. Obviously this is a 'gentle'
overview, but it summarizes the important changes.
Sidewinder ships on a Type Enforced OS;
<http://www.securecomputing.com/SWFwhitepaper.pdf> page 8-13 contains a
description of TE and the rationale for using it on a Firewall.
I'm wary of being mis-interpreted as advertising here. So, if there is
interest, I can write a longer message describing the BFS and Sidewinder
environments in a bit more detail (from a purely technical POV, of course).
Send me e-mail.
--
Harald Koch <chk () utcc utoronto ca>
 By Date 
By Thread
Current thread:
- Re: chroot useful?, (continued)
Re: chroot useful? Marcus J. Ranum (Nov 16)
|
Intro
