Re: [fw-wiz] VM system for firewall use

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 10/12/04

    To: ArkanoiD <ark@eltex.net>
    Date: Tue, 12 Oct 2004 10:32:34 -0400 (EDT)
    
    

    On Tue, 12 Oct 2004, ArkanoiD wrote:

    > .and did i get it right TrustedBSD-stable is already inside FreeBSD 5?

    At least MAC and attributes seem to be in there- down to the tcp/udp and
    port level- not sure about raw sockets but labeling an interface looks
    pretty straightforward. There seems to be a fairly good "feature added
    to TrustedBSD, then migrated to 5.x" progression going on. I'd probably
    look at 5.1 as a platform if I had to roll one out soon.

    Caveat: I don't know anyone who's running 5.x in production, but this
    looks like it might be a good time to start leaning that way. The docs
    look reasonable so far. Check with your favorite commit bit holder to get
    their take on FBSD 5.x overall.

    Single and multiple labels are supported, and you get MAC on the VM
    infrastructure too. Most of the important buzzwords are there.

    Interesting observation from the MAC partition module docs:

    "A really crafty implementation could have all of the services disabled in
    /etc/rc.conf and started by a script that starts them with the proper
    labeling set."

    I think the docs are better than any I've seen in quite some time (though
    the dev stuff is MIA,) you'll want to glance at least at:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-examplehttpd.html

    to see if this is a good path for you.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
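
The approach in the handbook sentence quoted in the message, as an added example that is not part of the original message or of the FreeBSD documentation: a start script for services left disabled in /etc/rc.conf, each launched under its own mac_partition label with setpmac(8). The service paths, partition numbers, the DRY_RUN switch and the use of `forcestart` (which assumes rc.subr-based scripts) are assumptions.

```shell
#!/bin/sh
# Added example: start services that are disabled in /etc/rc.conf, each in
# its own MAC partition. Assumes mac_partition(4) is loaded and setpmac(8)
# is installed. Paths and partition numbers below are constructed.

# Constructed map, one "<partition number> <rc.d script>" per line.
SERVICE_MAP='
10 /usr/local/etc/rc.d/httpd
20 /etc/rc.d/named
30 /etc/rc.d/sshd
'

# DRY_RUN=1 (the default) prints each command instead of running it.
: "${DRY_RUN:=1}"

# Start one script under partition/<n>. Non-numeric partitions are rejected
# so a bad map line cannot become an arbitrary label string.
start_labelled() {
    part=$1
    script=$2
    case $part in
        ''|*[!0-9]*) echo "bad partition: $part" >&2; return 1 ;;
    esac
    # forcestart skips the rc.conf enable check (assumed rc.subr script).
    set -- setpmac "partition/$part" "$script" forcestart
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Walk the map. A partition number is never reused: two services in the
# same partition can see each other's processes.
start_all() {
    echo "$SERVICE_MAP" | {
        seen=' '
        while read -r part script; do
            [ -n "$part" ] || continue
            case $seen in
                *" $part "*) echo "duplicate partition: $part" >&2; exit 1 ;;
            esac
            seen="$seen$part "
            start_labelled "$part" "$script" || exit 1
        done
    }
}

start_all
```

Run it with DRY_RUN=0 as root on a host with the policy loaded to actually start the services.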

