Re: Trusted OS...

[Bennett Todd <bet () rahul net>]

2000-03-08-07:39:59 Magosanyi Arpad:
> I have took a look at the TPEP list and the following is what I
> have found interesting: [...]

A couple of years back, I got curious, and called the contact phone
number for the TPEP. I asked if the "under evaluation for B2" DG-UX
Trusted Unix were still real and live and really under evaluation,
it'd been claiming that so long, and person who answered the phone
assured me it still was.

Even if it hasn't yet completed evaluation, I think that one might
be worth adding to the "interesting platforms" list. At least one
firewall was built on top of it (can't remember the name now, sorry,
but it was by a beltway bandit). And DG Trusted Unix was also used
for PCASSO, if I recall correctly.

As for the usefulness of a trusted OS on a firewall, that would
really depend on what you ask of a firewall. If all you want is
a packet filter, then the trusted OS features aren't likely to
be much help. If on the other hand you want to run proxies, do
fancy auth tricks, terminate VPNs, maybe serve some local content,
provide remote admin interfaces, etc. then the features of a trusted
OS might be very helpful indeed, allowing you an extra layer of
insurance to help guarantee that bugs in the fancy, complex stuff
you're laying on won't compromise the integrity of unrelated
subsystems on the firewall.

-Bennett

Attachment: _bin
Description: