NFR Wizards Archive: Re: Penetration testing via shrinkware



Ted Doty (tediss.net)
Wed, 23 Sep 1998 13:15:59 -0400


At 11:55 AM 9/23/98 -0400, Marcus J. Ranum wrote:

>For those who haven't looked at it, the common criteria is a
>rule-base for building specifications of the security properties
>of security systems. In other words, it lets you write a standard
>definition of what a firewall should do. Once you've done that
>you can apply that definition to specific solutions. This all
>sounds great in theory, but:

[lots of good stuff deleted]

4. It's viewed by many organizations as "necessary but not sufficient" for
their purposes. If you talk to (say) the German BSI, they'll tell you that
they want CC, but with "German Extensions" (at least they told me that).
Presumably the same would apply for the US, Canadian, UK, French, {etc}
governments. So there's probably no "standard firewall definition" that
would be meaningful, i.e. accepted by the target audience that CC attempts
to address.

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479
Atlanta, GA 30328 USA | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT