It seems to me that regardless of what you do to write-protect the medium, you have
to flush (restart) the system regularly to be the most secure. This would ideally have
to be done by some method that is both independent of the LEAF firewall itself and the
systems it is protecting, as these methods could be compromised. If you had a simple
hardware timer that recycled the power on the machine every night or on some schedule
that makes sense, this would work.
Now, of course, we are now playing in the land of the ideal, but when dealing with
firewalls this should be an option.
Richard Amerman
-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED]]
Sent: Sat 6/29/2002 2:08 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: Software write-protect (Was: Re: [leaf-user] Floppies)
Hi
I believe the security concerns are well understood. But if we have someone
on our doorstep with the ability Charles pointed out, of course he/she will
be able to place some malware on our ram disk. It is not as bad as having
an infected non volatile storage but I believe this attacker would be
clever enough to fool the poor firewall user and make him feel secure. So
even if we have write protected disks we probably would have to reboot
periodically or have some other (non foolproof) prevention for such a
scenario. Any thoughts ...
regards
Erich
Mike Noyes wrote the following at 19:14 29.06.2002:
>On Sat, 2002-06-29 at 08:34, Mike Noyes wrote:
> > On Sat, 2002-06-29 at 06:15, Manfred Schuler wrote:
> > > one reason for software write protection is that people using flash/hard
> > > disk at the moment have no other possibilities. And even if it is not
> > > perfect, it is better than nothing.
>
>Manfred,
>I forgot to mention SCSI as a solution for hard drives. SCSI drives have
>had the ability to do hardware write-protect for many years.
>
> > Manfred,
> > There are alternatives to software write-protect. Current generation
> > flash disks are capable of hardware write-protect. They use two
> > different approaches:
> >
> > * Custom ATA controllers on the IDE compatible flash disk.
> > ATA-Disk Module
> > http://www.sst.com/products/58sm_lm.html
> > ATA-Disk Chip Application Notes
> > http://www.sst.com/superflash/pdf/222.pdf
> > ATA-Disk Module Product Brief
> > http://www.sst.com/ata_disk/admbrief.pdf
> > ATA-Disk Module (Apacer)
> > http://www.apacer.com/product/flash/index_adc_adm.html
> >
> > * A software and hardware combination that changes the write state
> > of the flash disk in hardware.
> > Secure Disk on Module (SDOM)
> > http://www.pqi.com.tw/eng/ourproduct/sdom.htm
>
>--
>Mike Noyes <[EMAIL PROTECTED]>
>http://sourceforge.net/users/mhnoyes/
>http://leaf-project.org/
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>No, I will not fix your computer.
>http://thinkgeek.com/sf
>------------------------------------------------------------------------
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16