Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.cis.okstate.edu!news.ksu.ksu.edu!news.mid.net!news.dra.com!news.id.net!news.cic.net!chi-news.cic.net!newsxfer2.itd.umich.edu!agate!boulder!wilcoxb
From: wilcoxb@cs.colorado.edu (Bryce)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Followup-To: comp.os.linux.development.system
Date: 24 Feb 1996 16:58:49 GMT
Organization: University of Colorado, Boulder
Lines: 74
Message-ID: <4gng49$b2i@lace.colorado.edu>
References: <4gi6t6$3h9@lace.colorado.edu> <4gl7os$9av@skate.demon.co.uk>
Reply-To: bryce@c2.org
NNTP-Posting-Host: nag.cs.colorado.edu
Bcc: bryce@c2.org
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18054 comp.os.linux.misc:88503 comp.os.linux.networking:29737 comp.unix.bsd.freebsd.misc:14380 comp.unix.bsd.netbsd.misc:2321 comp.unix.bsd.bsdi.misc:2463

-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce <wilcoxb@cs.colorado.edu>, wrote:
>
> I'm writing documentation which advises banks on how to
> setup an electronic banking software package on a
> Net-connected, firewall-protected Intel box. Some of the
> most important banks in the world will be reading this
> documentation very soon.

Iain Hibbert <plunky@skate.demon.co.uk> wrote:
>
> However, I can only suggest that you remove specific system
> recommendations from the document and instead recommend that
> they use an experienced Unix/Security admin person to choose,
> install and _continually_administer_ the system if they want
> to run a secure site. Such a person would know the options
> and would install something that they would be able to keep
> control of.

I think Iain has the best answer yet!
Thanks to everyone who followed up and e-mailed me with many pertinent points to make. After a little deliberation it became very clear that the proper thing to do was to remove all security recommendations which were not specifically within the domain of our application. Security issues are too complex, and too important, to address with a mere line or two in a document which has a different purpose. Thankfully the question of a secure OS (as well as the questions of firewalling, networking, physical security, key distribution, access by insiders, etc etc etc) falls outside of our domain.

It was really interesting to read the specific issues (e.g. one guy said that "the linux TCP/IP stack has some serious flaws in its buffer handling, and if your traffic is high, you may wish to consider that. Also the firewall code is buggy, and the support for well-hidden MD5 encrypted passwords is not there. s/key and kerberos do not integrate well with linux."), and the larger issue of source-available OS'es versus commercially-supported OS'es. Although I'm a big fan of the free OS phenomenon, I would almost certainly have to go with an OS that was designed specifically for security, e.g. TIS, QNX, etc. Possibly the best of both worlds would be to convince some company or some collection of hackers (hint hint) to take a free-source OS and hack it into a highly secure form.

Okay, I sent this to all newsgroups because I started this thread and wanted to broadcast its resolution. Follow-ups oughta be directed to one specific group or another...

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b1

-----END PGP SIGNATURE-----