Take a look at this site to get a good idea at what the Navy does for its
security standards. https://infosec.navy.mil
I am sure that the other Mil services provide the same info secure sites.
----- Original Message -----
From: "Marcus J. Ranum" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 08, 2001 1:49 PM
Subject: Re: Military spec firewall
> "Dan Wenderski" <[EMAIL PROTECTED]> writes:
> >I'm looking for a Military spec firewall.
>
> Minor grumble: Why is it that people think "military spec" means
> it's somehow good?? Remember, "mil spec" usually means "built by
> the lowest bidder to exactly meet minimum standards" or "designed
> by a committee" and not "best of the best"
>
> > So I'm trying to find a firewall/s that would meet mil specs (I'm
not sure
> >what the spec number is) for our situation. I'm hoping that one can be
> >purchased for a reasonable price justifiable for a small office of no
more
> >then 15 users.
>
> Here's a URL to a fairly inexpensive "mil spec" firewall. it's also the
> "best of the best" though its user interface is not very well documented:
> http://web.ranum.com/pubs/a1fwall/index.htm
>
> Now - joking aside:
> Most likely whoever told you you needed a "mil spec" firewall didn't
> know what they were talking about. If you're running a facility that
> has classified materials, then you'll have a site security officer who
> will understand/be responsible for maintaining the facility's security.
> If you have an SSO, ask them. If you aren't dealing with classified
> materials, then there really is no standard - just a patchwork of
> commercial products configured semi-randomly. It's pretty much a
> case of "do your best" (or more often "cover your butt") and that's
> sufficient.
>
> There have been projects in the past to implement high security
> guards (orange-book-ese for "firewall") between classified and
> unclassified systems. These guards would run on evaluated
> platforms with multilevel security and all kinds of complicated
> stuff. Generally, if you look under the covers you'll find that they're
> basically a BSDI box with pretty normal firewall software running
> on them, and a nose-bleed pricetag. Impressive! Don't take that
> stuff seriously and you'll save a lot of time.
>
> mjr.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
