Message-ID: <3FB6AE88.2090701@comcast.net>
From: goetzvonberlichingen at comcast.net (Goetz Von Berlichingen)
Subject: Sidewinder G2 Firewall
Daniel Sichel wrote:
> We are in the process of implementing new Sidewinder G2 firewalls.
> So far I have not been able to find any record of successful hacks on
> these things, so I am pretty happy.
> The downside is the suckers run sendmail. It is in a jail but still...
> It's sendmail. Anybody out there who has substituted Qmail on one of
> these? If not, any advice on what stupid things I can avoid while
> configuring these. I say these because we are in a high availability
> scenario.
Haven't played with these in a while. When we did, they were not our
primary targets because there was lower-hanging fruit. No
implementation I have seen included the servers on the firewall - they
all filtered to a DMZ with servers - so I don't know how it performs as
a server.
Are you purchasing the appliance version or the software to run on
your hardware? Either way, the firewall runs on SecureOS, which is
basically a Mandatory Access Control (MAC) version of BSD. The research
which eventually led to SecureOS was done by Earl Boebert, et al, back
in the early 80s for various Three Letter Agencies (TLAs). SecureOS
uses the Honeywell version of Domain Type Enforcement (a standard
mechanism of secure OSes). Honeywell added DTE to MULTICS as part of
the World-Wide Military Command and Control System (WWMCCS, pronounced
Wimiks). The Honeywell variety (as opposed to the Trusted Information
Systems variety) of DTE later became the basis for SecureComputing's
SecureOS.
My team has successfully attacked DTE (but not in the form of a MAC
OS like SecureOS). These systems are only as secure as their role
authentication mechanism. The bottom line all comes back to the first
principle of cyberwarfare I proposed at the First Annual IEEE SMC
Information Assurance Workshop. In all systems, some human or cyber
entity has the ability and privilege to perform the action the attacker
wants to perform. The attacker needs to assume the identity of that entity.
In your case, if the sendmail program is vulnerable, the attacker
will be able to do anything that sendmail is able to do. Yes, that
limits the attacker's options, but lots of attacks are still available
to them. This type of system is more secure than an OS without MAC.
Since this is the state-of-the-art in secure operating systems, you are
certainly practicing due diligence.
Personally, I'd recommend limiting systems to single functions and
not running the MTA on the firewall. If you must combine functions, you
should be able to run anything compatible with BSD. However, you may
have to reconfigure domain access policy to accommodate non-standard
software, which at the least is a pain in the ass and at worst could
violate warranties and such.
Goetz
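An added illustration of the point made above about DTE confinement, not part of the original post and not SecureOS's actual policy language, policy or configuration: a toy Domain Type Enforcement model in Python. Every domain, type, path and credential below is invented for the example. It shows that an attacker who gets code execution inside a confined sendmail can only do what the sendmail domain is allowed to do, and that reaching further means entering a more privileged domain, which is exactly where the role authentication mechanism becomes the thing under attack.

```python
"""Toy Domain Type Enforcement (DTE) model (added example, invented names).

Not SecureOS's policy format or its real policy. Subjects run in a domain,
objects carry a type, and a domain/type matrix says which access modes are
allowed. Exec may move a process into another domain only where the
transition table says so; otherwise the process stays where it is.
"""
import hmac
from dataclasses import dataclass, field

READ, WRITE, EXEC = "r", "w", "x"

# Hypothetical object labelling on the firewall host.
FILE_TYPES = {
    "/var/spool/mqueue/qf1234": "mail_spool_t",
    "/etc/master.passwd":       "sysfile_t",
    "/usr/sbin/sendmail":       "sendmail_exec_t",
    "/bin/sh":                  "shell_exec_t",
    "/etc/firewall/policy":     "policy_t",
}

# Hypothetical policy: domain -> object type -> permitted modes.
# sendmail_d holds nothing on system files, the policy, or shells.
POLICY = {
    "sendmail_d": {"mail_spool_t": {READ, WRITE}, "sendmail_exec_t": {EXEC}},
    "user_d":     {"sendmail_exec_t": {EXEC}, "shell_exec_t": {EXEC}},
    "admin_d":    {"mail_spool_t": {READ, WRITE}, "sysfile_t": {READ, WRITE},
                   "policy_t": {READ, WRITE}, "shell_exec_t": {EXEC},
                   "sendmail_exec_t": {EXEC}},
}

# Exec transitions: (current domain, executable's type) -> new domain.
# Starting the MTA from any domain drops it into the confined domain.
TRANSITIONS = {
    ("user_d", "sendmail_exec_t"):  "sendmail_d",
    ("admin_d", "sendmail_exec_t"): "sendmail_d",
}

# Hypothetical role credential store (constructed for the example). In a real
# system this is the role authentication mechanism the post says the whole
# design rests on.
ROLE_CREDENTIALS = {"admin_d": "example-admin-secret"}


@dataclass
class Process:
    domain: str
    log: list = field(default_factory=list)


def check(domain: str, path: str, mode: str) -> bool:
    """Pure policy lookup: may `domain` perform `mode` on the object at `path`?"""
    ftype = FILE_TYPES[path]
    return mode in POLICY.get(domain, {}).get(ftype, set())


def try_access(proc: Process, path: str, mode: str) -> bool:
    ok = check(proc.domain, path, mode)
    proc.log.append((proc.domain, path, mode, "ALLOW" if ok else "DENY"))
    return ok


def try_exec(proc: Process, path: str) -> bool:
    """Exec needs EXEC on the target type; the new domain comes from the
    transition table and defaults to staying in the current domain."""
    if not try_access(proc, path, EXEC):
        return False
    proc.domain = TRANSITIONS.get((proc.domain, FILE_TYPES[path]), proc.domain)
    return True


def assume_role(proc: Process, target_domain: str, credential: str) -> bool:
    """Enter a privileged domain only with the right role credential.
    This is the step an attacker inside sendmail_d must defeat to go further."""
    expected = ROLE_CREDENTIALS.get(target_domain)
    if expected is None or not hmac.compare_digest(expected, credential):
        proc.log.append((proc.domain, target_domain, "role", "DENY"))
        return False
    proc.domain = target_domain
    proc.log.append((proc.domain, target_domain, "role", "ALLOW"))
    return True


def simulate_compromised_sendmail() -> dict:
    """Attacker has arbitrary code execution inside the MTA: what is reachable?"""
    p = Process(domain="sendmail_d")
    results = {
        "write mail spool":       try_access(p, "/var/spool/mqueue/qf1234", WRITE),
        "read master.passwd":     try_access(p, "/etc/master.passwd", READ),
        "modify firewall policy": try_access(p, "/etc/firewall/policy", WRITE),
        "spawn shell":            try_exec(p, "/bin/sh"),
    }
    results["final domain"] = p.domain
    return results


if __name__ == "__main__":
    for k, v in simulate_compromised_sendmail().items():
        print(f"{k:24s} {v}")
```

The compromised process keeps every permission sendmail legitimately has (it can still tamper with the mail queue), so a vulnerable MTA is not harmless; but reading system files, editing the firewall policy, or getting a shell all fail at the type-enforcement check rather than at a discretionary permission the exploit could bypass. The only route to those actions is `assume_role`, so guarding the credential and the role-entry path is what the MAC design reduces the problem to.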