Re: Nokia/Checkpoint firewall

From: Josef Pojsl (josef.pojslat_private)
Date: Mon Feb 07 2000 - 02:23:31 PST

Next message: Mikael Olsson: "Re: DMZ design - Exchange, SQL, & DCOM"

Previous message: Bill Pennington: "Re: DMZ design - Exchange, SQL, & DCOM"
Next in thread: Jerald Josephs: "Re: Nokia/Checkpoint firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jerald,

many thanks for your input. I was especially concerned about the version
of FreeBSD that is your product based on. I was not able to find
any reference about it on your web site - have I missed something?

To restate my position, it comes from my strong belief that open systems
are more secure. I did not mean to impeach anyone's competence personally.
Still, IMHO, fixes and enhancements given to public are likely to be
more secure. For any security fixes and/or enhancements made by Nokia,
I would expect one of the following to happen:

1) You send them to the FreeBSD team that will eventually create patches
   or, in the case of new features, (a) port(s). This is my favourite
   as the authors of the OS know their system better than anyone.

2) If you want to keep your changes private and base your business
   on them, you transparently explain what exactly has been changed
   or added and how (ideally, you would make the sources public,
   eventually still keeping your intelectual property).

With full respect to the skills and commitment of your team,
I can't fully trust general statements about higher
security of your product unless there is a chance to look at it in detail.

With regards,
Josef

On Fri, Feb 04, 2000 at 09:02:17PM -0800, Jerald Josephs wrote:
> IPSO is based upon FreeBSD 2.2.6.
> All known security issues in FreeBSD have been incorporated into IPSO
> as we have become aware of them.
> 
> Whereas FreeBSD is an effort supported by contributions from many sources,
> IPSO development is a concerted effort under the focused attention of a group
> of engineers that include some who have been involved in UNIX development
> since the beginning of UNIX.
> 
> I respect your concern, Josef, however, IPSO is MORE SECURE than any
> implementation of FreeBSD that you can obtain.
> 
> You suggest that Nokia is not competent when it comes to OS development
> because you assume that the Security Platforms are engineered by those who
> are responsible for other Nokia products, such as mobile phones.  Perhaps you
> don't recall that Nokia acquired Ipsilon Networks in 1997 and the IP in IP650
> means Ipsilon. The Nokia Security Platform continues to be developed under
> the direct supervision of the original core group that made up Ipsilon Networks.
> 
> I am one of them.
> 
> Sincerely,
> 
> --- Jerald Josephs

Next message: Mikael Olsson: "Re: DMZ design - Exchange, SQL, & DCOM"
Previous message: Bill Pennington: "Re: DMZ design - Exchange, SQL, & DCOM"
Next in thread: Jerald Josephs: "Re: Nokia/Checkpoint firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:23 PDT