List:       firewalls-gc
Subject:    Re: Securing Web Servers
From:       "Brad Sterling" <bsterling () hotmail ! com>
Date:       1997-01-28 3:31:03

Thanks for all the great responses and alternative references.  Below is a
typical, but very limiting answer.  

Please don't take this to flames, but everyone seems to be underestimating the
possibilities.  With Memco's SeOS, you can define the exact limitations.  If you
define in SeOS's Security Policy Module (SPM) exactly what actions are allowed,
you automatically exclude those that are not, such as running cgi bins outside
of their boundaries.  Thus, your SPM simply does not allow the type of actions
that the Justice Dept., CIA, and Air Force have experienced, regardless of how
inept your administrators are.

If you check the press releases by both Memco and Checkpoint, you'll notice
that Memco's SeOS is being released with Checkpoint's FireWall-1 to prevent any
actions outside of those that are specifically allowed by the firewall.  It
seems easy to expand this approach to any server in any environment.  This
would include any mission critical Unix server.

-------------- great response
Memco's SeOS product can be used to harden the OS that your web server is
running on including limiting the access available to the traditional root
user, however it will not prevent other server setup problems such as
misconfigured bin directories or bad cgi programming.
-------------- end great response

