[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Securing Web Servers
From:       "Brad Sterling" <bsterling () hotmail ! com>
Date:       1997-01-31 19:17:18
[Download RAW message or body]

'Mandatory protection' is great NCSC minutia (National Computer Security Center,
which by the way needs retirement especially after being exploited by Bill
Gates to make people believe that NT C2 is worth anything), but realistically
any MLS (Multi-Level Security) system is very limiting and operationally
difficult enough to test the ability of the intelligence of even the best
administrator.  The C1, C2, B1, B2, B3, A1 ratings sound great, but only apply
to evaluating the operating system in some sort of catatonic state (no network
connections).  

Although I'm a great fan of SideWinder it suffers from the need to tailor a
kernel resident security policy (type enforcement) for each and every
application on the firewall.  It's like the first try at something really
great, but should be place in the area of Multics as a great first try.  

Memco SeOS, on the other hand, is capable of achieving the same results as
SideWinder, but requires no alteration of the OS, other than being installed so
that it can intercept system calls which are security oriented (very clever
stuff which is up for patents).  Since Memco SeOS can achieve this with
standard vendor releases of any Unix system (Solaris, HP/UX, AIX, etc.), and
combined with FireWall-1 far outperforms any application level firewall, I
don't see a reasonable comparison.

A security policy establish with Memco SeOS requires NO alteration of the
operating system or application, thus binary releases DIRECTLY from the vendor,
be it Netscape SuiteSpot, Microsoft IIS, FireWall-1, Oracle, etc. can be
profiled (which means that no actions other than those that should occur can
occur), can be established to not only quarantine the server or OS, but to
detail which actions are acceptable.  This is equivalent to putting a
transmitter on a home monitored felon which could restrict even such activities
as when the felon could enter the bathroom.   

Brad Sterling wrote:
>:It seems possible to protect web servers by preventing any actions
>:that are not specifically allowed (Cheswick & Belovin).  However, this
>:requires technology which is not currently being employed.  It appears
>:that www.memco.com provides a solution to this problem by dictating
>:exactly what actions are allowed even if the superuser is performing
>:the actions.  Is this a correct interpretation?
>
Rick Smith responded
>The term for what you're looking for is "mandatory protection." I did
>a paper on using it to protect Internet servers at the IEEE Annual
>Computer Security Applications Conference last December in San Diego.
>You can get variants of mandatory protection in several commercial
>firewalls, including Sidewinder (www.sctc.com, www.sidewinder.com).
>
>Some use chroot() to do it (not very strong, but better than nothing)
>and others, like us, use variants of NCSC orange book technology.  In
>theory, memco's approach should work, too. Has anyone seen reports of
>turnkey Internet server packages that use it? I mostly saw technology
>advertised on their web page, not problem solutions.


---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]