"Dan Wenderski" <[EMAIL PROTECTED]> writes:
>I'm looking for a Military spec firewall.
Minor grumble: Why is it that people think "military spec" means
it's somehow good?? Remember, "mil spec" usually means "built by
the lowest bidder to exactly meet minimum standards" or "designed
by a committee" and not "best of the best"
> So I'm trying to find a firewall/s that would meet mil specs (I'm not sure
>what the spec number is) for our situation. I'm hoping that one can be
>purchased for a reasonable price justifiable for a small office of no more
>then 15 users.
Here's a URL to a fairly inexpensive "mil spec" firewall. it's also the
"best of the best" though its user interface is not very well documented:
http://web.ranum.com/pubs/a1fwall/index.htm
Now - joking aside:
Most likely whoever told you you needed a "mil spec" firewall didn't
know what they were talking about. If you're running a facility that
has classified materials, then you'll have a site security officer who
will understand/be responsible for maintaining the facility's security.
If you have an SSO, ask them. If you aren't dealing with classified
materials, then there really is no standard - just a patchwork of
commercial products configured semi-randomly. It's pretty much a
case of "do your best" (or more often "cover your butt") and that's
sufficient.
There have been projects in the past to implement high security
guards (orange-book-ese for "firewall") between classified and
unclassified systems. These guards would run on evaluated
platforms with multilevel security and all kinds of complicated
stuff. Generally, if you look under the covers you'll find that they're
basically a BSDI box with pretty normal firewall software running
on them, and a nose-bleed pricetag. Impressive! Don't take that
stuff seriously and you'll save a lot of time.
mjr.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
