Date: Fri, 15 Mar 2002 15:28:38 -0800
From: "Robert Shea" <robert.shea@appliedinterconnect.com>
To: "Darren Reed" <avalon@coombs.anu.edu.au>, "Dr. Evil" <drevil@sidereal.kz>
Cc: <inemes@transylvania.com.au>, <jylefort@brutele.be>, <freebsd-questions@FreeBSD.org>, <misc@openbsd.org>
Subject: RE: Security: FreeBSD vs OpenBSD
Message-ID: <KOEMLFAPJIPKCCFPFCKJIEDHFPAA.robert.shea@appliedinterconnect.com>
In-Reply-To: <200202030549.QAA21515@caligula.anu.edu.au>

The "Orange Book" (DOD-5200.28-STD) mostly receives flack from ill-educated individuals who don't understand it. It is, for the most part, an excellent measure of system security and has remained amazingly timeless (what other computer doc from 1985 is still by and large accurate today?). It's said that 2 years is a generation in the computing world; I think 17 (and counting) is a wonderful example of forward thinking.

Many of these trusted systems are used in high threat environments. (Trusted Solaris, HP-VV (formerly HP-UX BLS), CA-CFA2 MVS w/MAC are fine examples from Sun, HP and IBM respectively.) These systems, as Darren stated, are not cheap; however, up and coming TOS's can be acquired for free, such as the aforementioned SELinux, TrustedBSD, Pitbull/LX (for non-commercial use of course).

Another main difference is that most people are highly resistant to the idea of trusted systems. Any number of reasons can explain this; people know and love UN*X and don't want to learn something different is a likely culprit, but in my experiences in these discussions in the past, most people are very resistant to the idea of an OS being more secure than UN*X.

Mostly however... if you take that step and accept that the trusted system philosophy is on to something, the next thing you need to overcome is that according to the Orange Book, NT is more secure than standard UN*X. Sad to say, but the majority of admins are unwilling to accept such a (*shoots himself for using this phrase*) paradigm shift when it puts their years of making fun of NT'ers in the wrong. ;)

robert

%I find that somewhat amusing, given all the flack the Orange Book model
%has received over the years. The above description fits a high level B
%or A grade machine (your OpenBSD doesn't even qualify for C2
%as can Solaris
%and friends). Given that there are already products available
%which have
%been designed with capabilities in mind, from scratch, shouldn't we all
%be using those in environments where security must come first?
% Oh, most
%of them aren't free or available for pennies, either...
%
%Darren