the army actually is using checkpoint. they (checkpoint) won the business
back. i know someone on the list mentioned they were using something else.
eric.
----- Original Message -----
From: "mimo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 10, 2001 3:28 PM
Subject: Re: Military spec firewall
> Take a look at this site to get a good idea at what the Navy does for its
> security standards. https://infosec.navy.mil
> I am sure that the other Mil services provide the same info secure sites.
>
> ----- Original Message -----
> From: "Marcus J. Ranum" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, January 08, 2001 1:49 PM
> Subject: Re: Military spec firewall
>
>
> > "Dan Wenderski" <[EMAIL PROTECTED]> writes:
> > >I'm looking for a Military spec firewall.
> >
> > Minor grumble: Why is it that people think "military spec" means
> > it's somehow good?? Remember, "mil spec" usually means "built by
> > the lowest bidder to exactly meet minimum standards" or "designed
> > by a committee" and not "best of the best"
> >
> > > So I'm trying to find a firewall/s that would meet mil specs
(I'm
> not sure
> > >what the spec number is) for our situation. I'm hoping that one can be
> > >purchased for a reasonable price justifiable for a small office of no
> more
> > >then 15 users.
> >
> > Here's a URL to a fairly inexpensive "mil spec" firewall. it's also the
> > "best of the best" though its user interface is not very well
documented:
> > http://web.ranum.com/pubs/a1fwall/index.htm
> >
> > Now - joking aside:
> > Most likely whoever told you you needed a "mil spec" firewall didn't
> > know what they were talking about. If you're running a facility that
> > has classified materials, then you'll have a site security officer who
> > will understand/be responsible for maintaining the facility's security.
> > If you have an SSO, ask them. If you aren't dealing with classified
> > materials, then there really is no standard - just a patchwork of
> > commercial products configured semi-randomly. It's pretty much a
> > case of "do your best" (or more often "cover your butt") and that's
> > sufficient.
> >
> > There have been projects in the past to implement high security
> > guards (orange-book-ese for "firewall") between classified and
> > unclassified systems. These guards would run on evaluated
> > platforms with multilevel security and all kinds of complicated
> > stuff. Generally, if you look under the covers you'll find that they're
> > basically a BSDI box with pretty normal firewall software running
> > on them, and a nose-bleed pricetag. Impressive! Don't take that
> > stuff seriously and you'll save a lot of time.
> >
> > mjr.
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
