T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
1736.1 | irrelevant | ANNECY::HOTCHKISS | | Thu Jan 23 1997 03:13 | 11 |
1736.2 | still learning (new) things | TLAV01::RUDI | | Thu Jan 23 1997 03:47 | 4 |
1736.3 | | QUICHE::PITT | Alph a ha is better than no VAX! | Thu Jan 23 1997 08:15 | 25 |
1736.4 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Thu Jan 23 1997 17:42 | 75 |
1736.5 | | QUICHE::PITT | Alph a ha is better than no VAX! | Fri Jan 24 1997 06:09 | 3 |
| Re .4: point taken. I knew I should never have started writing that reply!!!
T ;-)
|
1736.6 | I don't beg to differ ;-) | ANNECY::HOTCHKISS | | Mon Jan 27 1997 07:38 | 14 |
| re .3 etc
Let me apologise for spelling 'obsolete' incorrectly.
Now, the meat. Of course my view is personal. I am trying to make the
point that whether we conform or not (which we do not for practical
purposes) and whether we are certified or not (ditto) is not that
relevant. The fact is that we do not and probably never will have any
firewall with a rating above 'designed for C2'. This is also the way it
should stay.
The very rating system is obsolete in both design methodology and
process. Sure it makes nice knock-off points but it is irrelevant in the
real world (ie our world).
We will always make more money guiding our clients through the morass
than trying to build a bridge across it.
Very philosophical but also very true.
|
1736.7 | | QUICHE::PITT | Alph a ha is better than no VAX! | Mon Jan 27 1997 11:14 | 4 |
| Re .-1: Let me agree wholeheartedly with what Stuart has said. (Some of you
never thought you'd ever hear me say that, did you ... ;-) )
T
|
1736.8 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Mon Feb 03 1997 22:17 | 24 |
| Re .6:
> The very rating system is obsolete in both design methodology and
> process. Sure it makes nice knock-off points but it is irrelevant in the
> real world (ie our world).
Next time one of my defence customers gets their systems certified by one of the
agencies responsible, I'll be sure and tell them that it's irrelevant.
> The fact is that we do not and probably never will have any
> firewall with a rating above 'designed for C2'. This is also the way it
> should stay.
Just in case you thought I was making up what I said in .4, I have in my hands a
brochure for Digital Multilevel Information Release Server and Integration
Services, which pretty much describes my multilevel Web server. It also says
The Defense Information Systems Agency has selected the Multilevel
Information Releasability Server as a solution to be accredited for
security and functionality adequacy.
It may not be a firewall, but it can probably do quite a good imitation of one.
PJDM
|
1736.9 | B1 Certification does not help to make a firewall secure | COL01::LOPEZ | Arturo Lopez drinks Kölsch at Cologne | Thu Feb 06 1997 06:25 | 9 |
| The point in this discussion is that the B1 certification does not help to make
the firewall more secure. Since C2 and B1 define the security inside the system
and the firewall needs security for the network part of the operating system.
Anyone who knows a bit about certification profile knows that. Until today
there is no profile for firewall certification. Until this profile is
defined, the discussion about C2 or B1 is just academic.
Arturo
|
1736.10 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Thu Feb 06 1997 23:16 | 17 |
| >The point in this discussion is that the B1 certification does not help to make
>the firewall more secure. Since C2 and B1 define the security inside the system
>and the firewall needs security for the network part of the operating system.
And what if I'm running a firewall between networks that use TSIX trusted
networking and allow trusted FTP, telnet, etc with all the security labels
attached? (Why you'd want to do this I don't know, but believe me, I've come
across stranger than this.) A C2 firewall isn't going to have a hope. To have a
secure firewall that can actually do something, you'll need a B1 firewall. I
already gave an example of this in .4.
>Anyone who knows a bit about certification profile knows that.
I'm more ignorant than I thought I was.
PJDM
|