From firewalls-gc Fri Jan 31 19:17:18 1997 From: "Brad Sterling" Date: Fri, 31 Jan 1997 19:17:18 +0000 To: firewalls-gc Subject: Re: Securing Web Servers X-MARC-Message: https://marc.info/?l=firewalls-gc&m=87619433410995 'Mandatory protection' is great NCSC minutia (National Computer Security Center, which by the way needs retirement especially after being exploited by Bill Gates to make people believe that NT C2 is worth anything), but realistically any MLS (Multi-Level Security) system is very limiting and operationally difficult enough to test the ability of the intelligence of even the best administrator. The C1, C2, B1, B2, B3, A1 ratings sound great, but only apply to evaluating the operating system in some sort of catatonic state (no network connections). Although I'm a great fan of SideWinder it suffers from the need to tailor a kernel resident security policy (type enforcement) for each and every application on the firewall. It's like the first try at something really great, but should be place in the area of Multics as a great first try. Memco SeOS, on the other hand, is capable of achieving the same results as SideWinder, but requires no alteration of the OS, other than being installed so that it can intercept system calls which are security oriented (very clever stuff which is up for patents). Since Memco SeOS can achieve this with standard vendor releases of any Unix system (Solaris, HP/UX, AIX, etc.), and combined with FireWall-1 far outperforms any application level firewall, I don't see a reasonable comparison. A security policy establish with Memco SeOS requires NO alteration of the operating system or application, thus binary releases DIRECTLY from the vendor, be it Netscape SuiteSpot, Microsoft IIS, FireWall-1, Oracle, etc. can be profiled (which means that no actions other than those that should occur can occur), can be established to not only quarantine the server or OS, but to detail which actions are acceptable. This is equivalent to putting a transmitter on a home monitored felon which could restrict even such activities as when the felon could enter the bathroom. Brad Sterling wrote: >:It seems possible to protect web servers by preventing any actions >:that are not specifically allowed (Cheswick & Belovin). However, this >:requires technology which is not currently being employed. It appears >:that www.memco.com provides a solution to this problem by dictating >:exactly what actions are allowed even if the superuser is performing >:the actions. Is this a correct interpretation? > Rick Smith responded >The term for what you're looking for is "mandatory protection." I did >a paper on using it to protect Internet servers at the IEEE Annual >Computer Security Applications Conference last December in San Diego. >You can get variants of mandatory protection in several commercial >firewalls, including Sidewinder (www.sctc.com, www.sidewinder.com). > >Some use chroot() to do it (not very strong, but better than nothing) >and others, like us, use variants of NCSC orange book technology. In >theory, memco's approach should work, too. Has anyone seen reports of >turnkey Internet server packages that use it? I mostly saw technology >advertised on their web page, not problem solutions. --------------------------------------------------------- Get Your *Web-Based* Free Email at http://www.hotmail.com ---------------------------------------------------------