From owner-freebsd-security  Sat Jul 13 07:27:03 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA14824
          for security-outgoing; Sat, 13 Jul 1996 07:27:03 -0700 (PDT)
Received: from obie.softweyr.com (slc49.xmission.com [204.228.136.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA14808
          for <security@freebsd.org>; Sat, 13 Jul 1996 07:26:44 -0700 (PDT)
Received: (from wes@localhost) by obie.softweyr.com (8.7.5/8.6.12) id IAA00228; Sat, 13 Jul 1996 08:26:48 -0600 (MDT)
Date: Sat, 13 Jul 1996 08:26:48 -0600 (MDT)
Message-Id: <199607131426.IAA00228@obie.softweyr.com>
From: softweyr@xmission.com
To: Ng Pheng Siong <ngps@pacific.net.sg>
CC: security@freebsd.org
Subject: Re: The Vinnie Loophole
In-Reply-To: <Pine.OSF.3.91.960702174032.32569W-100000@einstein.technet.sg>
References: <199606251744.LAA24692@xmission.xmission.com>
	<Pine.OSF.3.91.960702174032.32569W-100000@einstein.technet.sg>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Ng Pheng Siong writes:
 > Pray tell, what is this "Security Toolkit/UNIX'? Commercial software?
 > Sorry for the late followup. Cheers.

Sort of.  After I left the company, STK/U grew into something called
Enterprise Security Manager, and the company, Raxco Inc., morphed into
a company now called AXENT technologies.

ESM is a much bigger "system" than STK/U was, but does not check any
more security loop holes than STK/U did 2.5 years ago.  It features a
plethora of confusing menus, dialogs, and windows that keep you from
finding out what is really wrong with your systems.  On the other
hand, it is probably head and shoulders above anything else on the
market.  OpenVision used to sell a competitor, but I don't know if it,
or even OpenVision, have survived.

You can find out more about ESM at http://www.axent.com/.  Remember,
if you buy this thing, I'm probably still responsible for the code
that performs many of the security checks, but I'm *not* responsible
for the overblown and confusing user interface, database manager, and
job scheduler.  ;^)

By the way, I doubt you're likely to get them to port ESM to FreeBSD.
If they're willing to contract an outside port, I know an ex-AXENT
employee who would probably do it, but I'm not interested.

	Wes Peters