At 12:27 PM -0500 9/29/97, Leonard Miyata wrote:
>The MLS viewpoint was designed for the traditional military
>categories of 'Secret', 'Top Secret' and 'Unclassified'. The
>hierarchy of a subject that contains multiple levels probably
>would not apply to commercial applications. The concept of
>'Multiple Single Levels' can be applied to a business model.
>Instead of 'Secret', 'Top Secret' and 'Unclassified', you could
>have 'R&D', 'Administration' and 'Marketing'. VPN channels can
>be established to their remote Single Level counterparts, with
>defence in depth DAC, I&A, Audit, and MAC (that's Mandatory
>Access Control, not to be confused with the E-mail term). High
>security levels would have physical and virtual isolation from
>networks allowed public internet access. A combination of physical
>network topology, plus 'Orange Book' Guards and Proxy Bastion
>Hosts would control cross level data transfer, and limit the
>amount of information exposed during a possible 'incident'.

For what it's worth, I've always looked at applying these mechanisms in the
opposite way. Private corporations very, very rarely show the level of
paranoia achieved by military agencies when protecting secrets from
disclosure. Therefore, even B1 level MLS exceeds the degree of
confidentiality protection that's appropriate in most commercial
information processing situations. Also the information flow in practice
isn't so well isolated, since the sensitivity issues aren't as significant.
So the mechanisms would interfere with typical business operations.

On the other hand, we *do* face an integrity problem, which brings us back
around to the start of this discussion thread. This is where MLS comes in
handy -- since a "higher" level isn't allowed to modify files belonging to
"lower" levels, you place the big bad Internet at a "higher" level and
install the files you don't want modified at a "lower" level. This lets the
Internet processes read the executable files and the configuration files,
but prevents them from modifying them. This is sort of using Bell-LaPadula
to implement Biba, if you see what I mean. And, of course, it all works
much more cleanly with Type Enforcement (tm).

Rick Smith. rsmith_at_visi.com smith_at_securecomputing.com
"Internet Cryptography" now in bookstores http://www.visi.com/crypto/
Received on Oct 02 1997
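
The labeling approach described in the reply above, worked through as an added example (not part of the original message or of any product it mentions): a Bell-LaPadula check over two levels, compared against Biba strict integrity with the labels inverted. The level names `SYSTEM` and `INTERNET` and all function names are assumptions made for this sketch.

```python
from enum import IntEnum
from itertools import product

class Level(IntEnum):
    """Constructed two-level MLS lattice (names are assumptions for this example)."""
    SYSTEM = 0    # "lower": executables and configuration files to protect
    INTERNET = 1  # "higher": processes exposed to the Internet

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: no read up, no write down."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")

def integrity(level: Level) -> int:
    """Invert the label: the lowest MLS level carries the highest integrity."""
    return max(Level) - level

def biba_allows(subj_integrity: int, obj_integrity: int, op: str) -> bool:
    """Biba strict integrity: no read down, no write up."""
    if op == "read":
        return subj_integrity <= obj_integrity
    if op == "write":
        return subj_integrity >= obj_integrity
    raise ValueError(f"unknown operation: {op}")

def decisions() -> dict:
    """Every (subject, object, operation) decision under Bell-LaPadula."""
    ops = ("read", "write")
    return {(s, o, op): blp_allows(s, o, op)
            for s, o, op in product(Level, Level, ops)}

def models_agree() -> bool:
    """True if BLP on the labels equals Biba on the inverted labels."""
    return all(allowed == biba_allows(integrity(s), integrity(o), op)
               for (s, o, op), allowed in decisions().items())

if __name__ == "__main__":
    for (s, o, op), allowed in decisions().items():
        verdict = "allow" if allowed else "deny"
        print(f"{s.name:8} {op:5} {o.name:8} -> {verdict}")
    print("BLP matches inverted-label Biba:", models_agree())
```

The same rules also stop `SYSTEM`-level subjects from reading `INTERNET`-level data while letting them write up to it, which is the Biba behaviour for a high-integrity subject.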