[84129] in North American Network Operators' Group
Re: DARPA and the network
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Tue Sep 6 12:34:01 2005
Date: Tue, 6 Sep 2005 12:30:30 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: nanog@merit.edu
In-Reply-To: <OFF77C666B.CBA6C0D7-ON80257074.003C278F-80257074.003CCE50@radianz.com>; from Michael.Dillon@btradianz.com on Tue, Sep 06, 2005 at 12:04:14PM +0100
Errors-To: owner-nanog@merit.edu
On Tue, Sep 06, 2005 at 12:04:14PM +0100, Michael.Dillon@btradianz.com wrote:
> > yes, it is. we can further dicuss that in private if you wish; however,
> > claiming OpenBSD is just more vocal about security is just far off
> > reality, and that had to be put in perspective.
>
> The real question is not whether other BSDs or
> other Unices are following OpenBSD's lead. I'd like
> to know how many embedded systems (routers and switches)
> are implementing similar "hardening" techniques.
Well, I sort of gather that the implication was "all the ones that are
embedding OpenBSD". ;-)
> The Internet runs on embedded systems and although many have their
> roots in Unix, they don't seem to have adopted many of the security
> techniques that are used in C2 or CAPP certified systems.
Quite so.
> The details that Henning posted are useful to list members who are
> writing RFPs for new network gear. Even if vendors can't meet these
> requirements today, it is good to let them know that people seriously
> want secure operating systems on their routers and switches.
Ah yes, the most important requirement: informed, vocal users. The
more you spend per year, the better.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Designer +-Internetworking------+----------+ RFC 2100
Ashworth & Associates | Best Practices Wiki | | '87 e24
St Petersburg FL USA http://bestpractices.wikicities.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me
