On Tue, 28 Nov 2000, HUNGRY PIRANHA wrote:
> the nsa would take great interest in knowing what backdoors
> the 'ha-Mossad le-Modiin ule-Tafkidim Meyuhadim' might have available to
> them.
Bzzzzt! I'll take incorrect rumor mongering by carnivorous fish for $500
Alex...
Just in time for the annual "Mossad backdoor so the USG won't allow it"
rumor:
"This page contains a list of products which have not only been validated
against Common Criteria Security Targets under the Common Criteria
International Mutual Recognition Arrangement (MRA) and listed on the NIAP
VALIDATED PRODUCTS LIST, but which also have been determined to be compliant
with Protection Profiles (PP) or Security Targets (ST) certified by NSA as
appropriate for use in "national security" systems consistent with the
environments specified in the PP or ST."
This comes from:
http://www.radium.ncsc.mil/tpep/epl/cc_st.html
Follow the links and you'll find the TTAP report and ST in PDF and
Postscript format.
I'm not a FW-1 fan (or a Common Criteria fan either), but baseless rumor
mongering isn't appropriate. Fact is that FW-1 is approved by NSA for
usage in "Low Risk Environments," which is the only environment the X31
guys seem to have released info on.
The X31 reports included more firewalls than those listed, as do the
Common Criteria pages, so I'm assuming that the page quoted only supports
the intersection of the Common Criteria and the X31 protection profile
stuff.
As with any certification program- [disclaimer: My current employer tests
and certifies firewalls commercially] - people relying on the
certification should check the certification criteria for applicability to
their exact circumstances. Certification isn't a blanket blessing of a
product, it's measurement against specific criteria. People relying on
those evaluations should examine the criteria no matter if it's X31's
criteria, ICSA Labs' criteria, TPEP criteria, or the Common Criteria. For
the Common Criteria stuff, this means reading each report for each
product, since it's not a global test against set criteria.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
