Having a FreeBSD based firewall approved for Australian Government use (getting on EPL)

From: Stanley Hopcroft (Stanley.Hopcroft@IPAustralia.Gov.AU)
Date: 08/08/01


Date: Wed, 8 Aug 2001 21:29:50 +1000
From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.Gov.AU>
To: ISP@FreeBSD.ORG


Dear Ladies and Gentlemen,

I am writing to invite expressions of interest from those who may wish
to help pay the fee to have FreeBSD and other open source software
evaluated and approved as firewall products for Australian Government
use (products that meet the 'common criteria' at the E3 level and have
been independently validated - that's the fee part - and so become part
of the 'Endorsed Product List' [EPL]).

The background is that my employer has been a happy user of a FreeBSD
based firewall for some years but with a change to a more risk averse
and ignorant management, the cost of the firewall is being compared to
outsourcing the service, or replacing it by a Commonwealth of Australia
approved firewall (an E3 rated product from the EPL).

Such products include PIX (?? maybe E1 only) and Gauntlet. Maybe
Firewall-1. Part of the attraction of having FreeBSD on the EPL is that
commercial products drop off the EPL at the whim of the vendor, and one
is faced with the prospect of doing it all again with a different
product.

A very sensible man has suggested that the cost of hardware, approved
software and setup may in fact approach the A $100k for the evaluation
fee (the evaluation is __not__ like the Orange book approach. An E3
rating means something like an inspection of the source has shown
evidence of software engineering principles).

Obviously we will only proceed if we find we can save money by using
software that we like and have found trustworthy.

We would submit FreeBSD RELEASE and some other famous name software for
evaluation (and reevaluation when the software changes).

The TrustedBSD project is obviously an alternative and probably superior
approach but we cannot afford to wait for its release.

Should anyone be interested in a consortium approach to having FreeBSD
approved for the Australian EPL, or wish to share any advice about
this matter, please let me know.

Thank you,

Yours sincerely.

 --
------------------------------------------------------------------------
Stanley Hopcroft IP Australia
Network Specialist
+61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU
------------------------------------------------------------------------
Reclaimer, spare that tree!
Take not a single bit!
It used to point to me,
Now I'm protecting it.
It was the reader's CONS
That made it, paired by dot;
Now, GC, for the nonce,
Thou shalt reclaim it not.
