Having a FreeBSD based firewall approved for Australian Government use (getting on EPL)

From: Stanley Hopcroft (Stanley.Hopcroft@IPAustralia.Gov.AU)
Date: 08/08/01


Date: Wed, 8 Aug 2001 21:29:50 +1000
From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.Gov.AU>
To: ISP@FreeBSD.ORG


Dear Ladies and Gentlemen,

I am writing to invite expressions of interest from those who may wish
to help pay the fee to have FreeBSD and other open source software
evaluated and approved as firewall products for Australian Government
use (products that meet the 'common criteria' at the E3 level and have
been independently validated - that's the fee part - and so become part
of the 'Endorsed Product List [EPL]).

The background is that my employer has been a happy user of a FreeBSD
based firewall for some years but with a change to a more risk averse
and ignorant management, the cost of the firewall is being compared to
outsourcing the service, or replacing it by a Commonwealth of Australia
approved firewall (an E3 rated product from the EPL).

Such products include PIX (?? maybe E1 only) and Gauntlet. Maybe
Firewall-1. Part of the attraction of having FreeBSD on the EPL is
commercial products drop of the EPL at the whim of the vendor, and one
is faced with the prospect of doing it all gain with a different
product.

A very sensible man has suggested that the cost of hardware, approved
software and setup may in fact approach the A $100k for the evaluation
fee (the evaluation is __not__ like the Orange book approach. An E3
rating means something like an inspection of the source has shown
evidence of software engineering principles).

Obviously we will only proceed if we find we can save money by using
software that we like and have found trustworthy.

We would submit FreeBSD RELEASE and some other famous name software for
evaluation (and reevaluation when the software changes).

The TrustedBSD project is obviously an alternative and probably superior
approach but we cannot afford to wait for its release.

Should anyone be interested in a consortium approach to having FreeBSD
being approved for the Australian EPL, or wish to share any advice about
this matter, please let me know.

Thank you,

Yours sincerely.

 --
------------------------------------------------------------------------
Stanley Hopcroft IP Australia
Network Specialist
+61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU
------------------------------------------------------------------------
Reclaimer, spare that tree!
Take not a single bit!
It used to point to me,
Now I'm protecting it.
It was the reader's CONS
That made it, paired by dot;
Now, GC, for the nonce,
Thou shalt reclaim it not.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message