At 09:42 PM 1/02/2000 +1000, Craig Martin wrote:
>
>Could someone possibly explain the difference between
>a Firewall that is ITSEC rated and a F/W that is
>not?...Am I correct in saying that Firewall-1 for
>example is not ITSEC rated?...Seems strange.
>

Craig,

Nothing intrinsically different. The ITSEC-ness of a product does not necessarily indicate that one with an ITSEC rating is better than one that isn't ITSEC rated. Nor does it say that one ITSEC rated firewall is the same as another, even with the same rating.

The value of an ITSEC rating is that the purchaser can identify that that particular firewall has had a set of security claims made/set (the Security Target) and has been tested against a number of criteria for compliance with those tests. In other words "the firewall does what its manufacturers claim" - that is all. The various levels 1, 3, 6 etc... are the levels of "assurance" to which it has been tested - basically anyway.

There are a number of testing authorities around the world - here in Australia for instance it is the Defence Signals Directorate. Each has their own list of "approved" or ITSEC-tested products.

Gauntlet, Checkpoint Firewall-1, IBM Firewall, Cisco PIX and CyberGuard are firewalls in this country that have either been ITSEC rated or are still undergoing testing.

Firewall-1 V.4.0 is ITSEC E3 in the UK and 4.1 is still under evaluation there too. In Australia 4.0 is still under evaluation...

More info:
UK: http://www.itsec.gov.uk/
Australia: http://www.dsd.gov.au/infosec/

You also may wish to check out the Common Criteria scheme as well.... http://csrc.nist.gov/cc/
CC is becoming the new evaluation standard to be adopted by various countries around the world.

Hope this helps.

Regards
Chris
----------------------------------------------------------------------
Christopher A Nicholls
----------------------------------------------------------------------
Softway NSG - Randata - Rotek - GuardNet
SecureNet Ltd trading as Secure Network Solutions
SecureNet: ACN 073 665 175
9-11 Napier Close Deakin ACT 2600, Australia
PO Box 253, Deakin West ACT 2600, Australia
Ph: +61 2 6260 3255
Fax: +61 2 6260 3188
E-mail: cnichollsat_private
Mob: 0418 487 322
WWW: http://www.securenet.com.au
"Opinions expressed in this e-mail are not necessarily those of SecureNet"
----------------------------------------------------------------------