On Tue, 29 Dec 1998, Bennett Todd wrote:
> Whereas I'm less interested in either of those categories of problem --- they
> both have the feature that they can be centralized sufficiently to let you go
> to some draconian configuration extremes to buy reasonable security with
> traditional OSes.

I'm still working on the "access to the name server to update records with
transactional integrity" thing. What I'm after though is a generalized
method for dealing with applications, not writing frontends for each
application. The nice thing about trusted OSes is that I can make the
application access method independent. For example, you're allowed to
update DNS records and restart the server, doesn't matter if you use a Web
interface, a shell, or whatever. Then granularizing that to specific
zones, parts of records, and eventually thresholding the restarts...

> Where _I'm_ most excited about the prospects for newer, finer-grained security
> controls is in problems that resist the best efforts without them: deploying
> the controls onto end-user workstations to sandbox insecure end-user apps.
> Starting with %*@&ing web browsers with their insecure applet implementations.

I've been giving the "thin Linux client" thing a great deal of thought,
especially with Citrix or VNC access to NT applications.
Did you catch the "HTTP virus" announcement to NTBugtraq? %*@&ing Web
browser and %*@&ing programmers tunneling everything over HTTP...

> The best I've been able to come up with to date is deploying an outbound-only
> sandbox machine in the DMZ, giving users ssh access to it through a tunnel,
> and letting them run a browser that can be savaged by java and javascript
> remote displayed to their desktop. That's got a lot of problems, needless to
> say.

I don't know, that seems pretty reasonable to me, other than the obvious
file transfer issues. But compartmentalization at the desktop would be
really nice.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280