Re: Firewalls - ITSEC Rating?

From: arkat_private
Date: Mon Feb 07 2000 - 02:28:27 PST


    nuqneH,
    
    The ONLY firewall testing I've seen that was worth something was one
    at (iirc) mitten.ie.org. BTW does anybody know what happened with this site,
    are there any mirrors available on the net?
    
    Predrag Zivic <pzivicat_private> said :
    
    > Well,
    > Since ICSA became a commercial organization (they make
    > money and must have some kind of profit) I would
    > double check validity of their tests.
    > Although I think that their tests are still the most
    > competent out there, I simply don't trust them any
    > more... I guess I have a trust problem:-)) Maybe that
    > is why I also don't use Verisign certs...:-))
    > Pez
    > 
    > --- Rick Smith <rick_smithat_private> wrote:
    > > At 08:30 AM 02/03/2000 -0500, Marcus J. Ranum wrote:
    > > 
    > > >I'm sure that many on this list will be shocked to hear me say
    > > >this, but the ICSA firewall product certification is orders of
    > > >magnitude more valuable to real customers than ITSEC evaluation.
    > > 
    > > The Common Criteria is supposed to fix this problem by defining "Protection
    > > Profiles" that establish functional requirements for particular types of
    > > products. There are two firewall profiles already, with more on the way.
    > > The first two aren't much use to most firewall customers because the
    > > requirements are 'way too abstract. You could build all sorts of arcane
    > > devices that meet the criteria while remaining steadfastly useless for most
    > > security purposes. At least a hub is useful for something.
     
    
                                         _     _  _  _  _      _  _
     {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
     (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
     [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
    
    


