Enough! We all know what "TopSecret" is/was now. Thanks to all for your
help. Now, please continue your (pointless?) parseing of the word
"firewall". :)
Thanks.
Bill
On Mon, 23 Aug 1999, Vin McLellan wrote:
> At 06:32 AM 8/23/99 -0400, W Joel Gridley wrote:
> >Depends on how nit-picky you want to get with the definition of a firewall.
> >
> >FIREWALL; A system, combination of systems, or security policy that enforces
> > a boundary between resources, hosts, or networks.
>
> Nice definition, but a little awesomely inclusive. Would include
> just about any and all types of security technology, wouldn't it. That sort
> of definition gets useless pretty quickly.
>
> >BASTION HOST; A hardened system expected to potentially become attacked by
> intruders. Usually placed between the internet and an internal LAN.
>
> When Marcus Ranum came up with the concept of a bastion host, it was
> explicitly within the context of a firewall server. An networked server --
> certainly any at the junction of a LAN and the Internet -- might be expected
> to routinely fact intruder attacks. (And what some folks consider
> "hardening" of a server OS is enough to make you cry;-)
>
> >These definitions may not be widely accepted, but depending on how you
> >define what a firewall is, what you describe below kinda fits.
>
> As I said, almost anything fits when you make the definitions loose
> enough.
> >
> >Never heard of TopSecret, but I'd consider it a firewall product from what
> >you describe.
>
> Even relatively sophisticated folks today often have to acknowledge
> that their experience is often limited to client/server architectures. (As
> others have little experience with C/S topologies.)
>
> Top Secret (along with RAC-F and ACF2) have been, for decades, the
> leading access control modules for MVS on IBM's OS/370-OS/390 family of
> mainframes. They enforce a combination of -- generally one-factor, i.e.
> static password-based -- user authentication, but also apply a sophisticated
> table-based specification of (per-user or per-group) authorization rights
> which hopefully express the site's security policy.
>
> Suerte,
> _Vin
>
> >At 10:33 AM 8/23/99 +0200, Skough Axel IT-S wrote:
> >>Hello Bill,
> >>
> >>I do, but as a firewall product??? No, to me it is a security system similar
> >>to RACF for the IBM MVS computers (System 360/370/390), it runs on releases
> >>370, XA and ESA. But it controls local access within the computer for
> >>different adress spaces to files etc. It is an ACL system, not a firewall
> >>product. But - of course, it could have been extended making it possible to
> >>use a MVS system as a firewall, rather it should intecept with the NJE
> >>subsystem?? But this is not regular TCP/IP.
> >>
> >>There is a special TCPIP system adress space in the MVS which possibly could
> >>intercept with a Top Secret system??? I dunno, there are many years since I
> >>was concerned with MVS systems.
> >>
> >>Regards,
> >>
> >>Axel
> >>
> >> ----------
> >> Fr�n: Bill Casti (System Admin) [SMTP:[EMAIL PROTECTED]]
> >> Skickat: Saturday, August 21, 1999 2:43 AM
> >> Till: Firewalls List
> >> Ang�ende: Firewall Product "TopSecret"?
> >>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
