Hi all,
I'm new to this list, but have been working with the PIX for the past three
years, and have worked with many of the original developers and engineers.
The PIX OS is not based on BSD, or any other general purpose operating
system. I believe it was built from the ground up, with security in mind,
and learning from many other OSs in the market.
BSD is used in the QA & Development testing labs, as well as NT and other
operating systems, in order to ensure that PIX correctly supports the
various protocol implementations, of various vendors. I know of a few
early problems with the PIX support of various tcp protocols that were due
to assumptions that the BSD implementation was the best model for all
protocols. But this was simply in respect to how the PIX handled tcp
protocols, and not in regards to the OS itself. Those were early problems
that have since been corrected; also corrected were the assumptions that
caused the problems in the first place. BSD was simply used as a reference
for protocol implementation.
Perhaps it is this history that has led to the rumor of PIX being based on
BSD.
I hope that helps clear things up.
Thanks,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
At 02:08 PM 9/23/1999 -0300, Fabio Rocha wrote:
>Well of course they wouldn�t recreate the wheel... The PIX is based on
>something known... But based is not the same as being the real OS. Although
>it �could even be� built on the real OS... but I don�t they did this way...
>
>Anyway, I also can�t confirm this... does anyone can?
>
>F�bio.
>
> >I thought that is was based on *BSD, a general purpose operating system.
>You
> >just don't get access to it. It seems to be another play on the 'security
>by
> >obscurity' philosophy. Can anyone confirm/dispute this?
> >
> >-pj
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
