Re: [firewall-wizards] Trusted OS...

[Jean Caron <caronj () norac net>]

On Mon, 6 Mar 2000, Magosanyi Arpad wrote:

<snip, snip>
> If you consider the NTCB modell of TCSEC, the picture gets to be a little
> more fine. The main point is that you cannot guarantee the integrity of
> the application (firewall proxies) if you don't have a TCB under it,
> and the firewall proxies are integral part of the NTCB (anywhere between
> 'M' and 'MIA' component). The little problem with this that no firewall 
> (which I know about) have been specifically designed az an M component
> of an NTCB. The other problem is that no network protocol I know of
> is designed for transmitting the labels as well (though some of them
> like smtp and http is able to do that.

Ok, I understand TCB, It's precisely what I'm working with now and need to
replace. NTCB confuses me a little, this is extending it to the
network, is it ? Anyway, you do loose me when you talk about M and MIA
components, what would those be ? I don't need to extend this to the
network protocol itself. What I need is a solid firewall that can be rated
as high as B2 level.

> > And then, I read about Titan. I believe this is a compilation of scripts
> > used to harden an OS (again assuming Solaris). How good is that compared
> > to a trusted OS ?
>
> A hardened OS have nothing to do with a trusted one. The trusted os differs in 
> design.

I realize that they are two totally different things. I am looking for
opinions based on working experience with either one or both. And what one
can hope achieving in respect to high security using one or the other in
combination with specific "commercial" firewalls.

Jean