I've been doing a little reading on Windows NT embedded. I was wondering if anyone knew of any work being done with firewall appliances, Windows NT embedded and FW-1 (or any other firewall for that matter)?
It seems to me that FW-1 on WinNT Embedded would be more secure. Instead of hardening a system, design the system without the offending services to begin with. Only have the most basic NT services available to run TCP/IP and the FW (inspection) module. The GUI/Management station could be on another machine and the two could talk via a secured channel. The Management station could also be used to manipulate TCP/IP parameters, ARP and routing on the appliance. The fewer programs on the appliance, the fewer possible vulnerabilities to be concerned about and the less that can be used against you.
Create a device that is more reliable than a standard PC; i.e. a headless appliance that contains only CPU, PCI slots (for NICs or crypto), flash or solid state memory (M-Systems) and the appropriate controllers and BIOS.
If you are a Linux or Unix supporter, these principles would also apply. I'm just not sure if embedded versions of Linux or Unix exist.
Either way, I'd be interested in hearing what people think about this concept.
