Domain: argusrevolution.com
Stories and comments across the archive that link to argusrevolution.com.
Comments · 9
-
Re:Has the GPL ever been successfullly enforced?Actually, most GPL violations are not large enough to show up on the FSF's radar screen at all. I have personally seen several flagrant violations (such as this one), that are not pursued just because nobody has heard of the product or the company behind it.
-all dead homiez
-
Re:ACLs on Linux?ACLs are most commonly associated with Trusted Operating Systems (Where TrustedBSD gets it's name) ala the rainbow series of books.
The NSA's SE Linux has been covered here many times.
Also mentioned in the past is PitBull from Argus Systems (I work across the street from their offices) which stood up to the OpenHack III challenge a few moths back. PitBull gives Trusted OS extentions to Solaris, AIX and Linux. (There's free non-com licenses at Argus Revolution.)
And Sun also already has a Trusted Solaris.
There's others as well.
It occurs to me that you might have meant is it a first to provide ACL support via Samba, in which case I appologize. This was of course already answered by someone else.
-- -
Re:Trusted Solaris
You can bring Solaris 7 up to B1 trusted with a little package called PitBull. From what I've heard it's doing pretty well for itself.
-- -
I can't believe this happened to the DoD
...because I'm thinking, who the hell else uses OSes like Trusted Solaris and Argus Pitbull? I mean, it seems like these systems were designed with government use in mind, and I just assumed that they would be smart enough to use systems like these.Oh well, I guess when you assume, you make an ass out of you and me...
-
Netcraft tells it all...
www.westernunion.com is running Microsoft-IIS/4.0 on NT4 or Windows 98
D'oh! Seriously, you'd think these big banks and money sending whatever it is western union does people would use a B1 Trusted OS or something.
May I suggest BullDog or possibly TrustedBSD? I haven't tried TrustedBSD, but I was quite impressed with BullDog's stats at this past DefCon. They put a server running thir OS (a modified Solaris) on the CTF (Capture The Flag) network running all sorts of insane services. A day into the competition they still hadn't been cracked so they posted the shadow password file. They never did get cracked.
-
Most Secure Well Known OS perhaps...
OpenBSD does an amazing job of presenting an extremely secure distribution, I will stipulate that right at the get go. I think it's a bit premeture to say that it's the Most Secure OS though. There are a number of implimentation of the DoD B1 security standard (as applies to operating systems, specifically) in the world - these include Trusted Solaris from Sun and PitBull from Argus Systems Group.
Granted, these operating systems take a quite different approach to security (rather than requiring strict application audits as in OpenBSD they instead try to eliminate the need for such audits through strict kernel control manifested in a number of sneaky ways). These systems have been, and are currently widely used by military, intelligence, financial, and, increasingly, high end e-commerce systems. In an attempt to increase public awareness and popularity of PitBull Argus Systems Group has begun giving it away for non-commercial use. Anyone interested in high security servers is highly recommended to check it out. It's no holy grail, and by no means the right solution for every problem, but it is a very interesting take on the problem, and quite a different way of looking at system architecture and administration than most of us get exposed to on a regular basis.
None of this is intended to steal OpenBSD's thunder - it's a great accomplishment, and far closer to existing operating environments than it's B1 counterparts (which makes it more accessable, and more flexable). Often, a B1 system will be severe overkill (or just too much of a pain to configure and manage), where OpenBSD will just work. So I'm not saying that OpenBSD is no good, I'm just saying that choosing the "Most Secure OS" isn't quite so clear cut...
Oh, BTW, there is a Trusted BSD project, but it's fairly young and as I understand it building a trusted OS is quite time consuming. When it's ready I think it will likely kick ass, but it may yet be a long way off.
-- -
Trusted OSThere is a great solution to a lot of these problems. It's not the be all end all, but it is a good start. I've written what I think is an interesting analysis of the Apache Web site hack paper to illustrate how trusted os can be used. You can find it at http://www.argusrevolution.c om/articles/apachetos.html
There are a lot of interesting things being done with Trusted OS today. A number of people are working on commercial TOS for people. Argus Systems Group is doing commercial versions, and Robert Watson is heading up the TrustedBSD port (www.trustedbsd.com)
Trusted OS does not remove security flaws and holes, but it can cause them to give the attacker no real access to the system. Check out the paper I wrote, as it should illustrate this quite nicely.
Cheers,
JeffJeff Thompson
Software Evangelist and Visionary
http://www.argusrevolution.com/ -
Re:A good security question?You can obtain a free Trusted OS that sits on top of Solaris 7 (x86 and sparc) from the Argus Revolution. ISO CDROM images are available for download as well as an online store to order the media from if you like.
The Trusted OS is called PitBull and is made by Argus Systems Group. We are currently porting to Linux (IA64 and 32bit kernels), AIX, and UnixWare.
To address issues of certification. An OS can in fact go through certification and receive a "B1" rating. Argus is currently doing this under the Common Criteria scheme which has replaced both the old US TCSEC and European ITSEC methods of certification. This also includes networking as part of the evaluation.
There is a lot of misinformation being spread around about what "B1" is and how certifications work. I am more than happy to answer any questions in this regard (and am considering writing a FAQ to cover this often misunderstood issue).
As to whether you need B1? If you are running a system that is connected to a public network and you don't want an application exploit to lead to system wide penetration, then you should be running B1. B1 is not just for the overly paranoid crazy person, millitary, and banks.
The whole point of the aforementioned Revolution is to raise awareness in trusted os technology and get people talking about it. If you would like to be involved in these discussions please get involved on the site. I'd love to have people running PitBull, but we are happy to engage everyone that is using trusted os's! The most important thing is to get people to use platforms that actually let them secure their systems. Trusted OS technology lets you do this!
Cheers,
Jeff
Jeff Thompson
Software Evangelist and Visionary
Argus Systems Group, Inc.
thompson@argus-systems.com -
Re:B1 Linux in about a yearEven better, Argus is currently giving away PitBull for free for non-commercial use. It is currently available for Solaris 7 on Sparc and x86.
Argus has ports under way to AIX, UnixWare, and Linux.
Argus Revolution is the online portal where it is being made available from. Free B1 OS, free T-Shirt. What could be better?
:)