Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Trusted Unices Aren't?

Re: Trusted Unices Aren't?

From: David Collier-Brown <davecb_at_canada.sun.com>
Date: Fri, 30 Oct 1998 08:08:23 -0500

Paul D. Robertson wrote:
> I've always been surprised that nobody has jumped on the "secure Web
> server" market, especially in the commerce environments. Anyway, just in
> case anyone's interested in looking at some OS features that start to
> approach the alphabet soup model, an interesting project (Ruleset Based
> Access Control) in that regard is at:
> http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac/

        Methinks the initial hurdle is too high, as measured
        in dollars.

        MAC, trusted path and some related work, applied to
        a non-trustable OS, might make a very nice kind of
        web server. In fact, if there was a credible standard
        and an implementation, it would make a good combined
        server and firewall.

        Borrowing from the ``medieval city'' metaphor, the
        machine would serve as the gate, the public market
        inside the gate, and the gate in the inner marketplace
        wall. You still have to hire some spear-carriers
        to stand at the gate and catch theives, though.

--dave 

-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | davecb_at_hobbes.ss.org, canada.sun.com
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
Received on Nov 02 1998
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]