Domain: securecomputing.com
Stories and comments across the archive that link to securecomputing.com.
Comments · 64
-
SafeWord for Linux from Secure Computing
Secure Computing offers SafeWord, a token-based authentication server which runs on Linux RedHat v6.1 (and numerous closed-source OSes).
This product is considerably less expensive than SecurID. I spent several weeks testing the product last fall, and found no major security issues with their algorithm nor with the server software, just some minor unix permissions issues with the software installation process itself.
-
O' the irony!
I attempt to check out SmartFilterWhere and get the following message from our proxy:
ERROR: Site Access Denied
If you are seeing this message, then you are trying to access a porn site.
Please read this document for clarification on why this site is restricted.
Access is restricted from 07:00 to 19:00 on weekdays.
Please contact the helpdesk if you feel the site you are trying to access is needed during these times or is not a porn site, please include the URL of the site in your report.
UCT Cache Administrator
Generated Fri, 08 Dec 2000 09:09:40 GMT by cache.uct.ac.za (Squid/2.3.STABLE3)
I nearly fell off my chair I was laughing so hard. The best part is that the list of sites blocked is shared amongst quite a few universities in here. Talk about poetic justice.
Of course, any filter company would block their rivals' sites.
-
A "capabilities" model for OpenBSD?
What is your opinion of the "capabilities" model of security, as implemented in Linux or in SecureOS, a BSD-variant used by Secure Computing's Sidewinder firewall?
Will OpenBSD ever support "role accounts" with the ability to perform very specific functions that would otherwise require superuser access?
-
SmartfilterWhere
Well, if you want to check Smartfilter, Security Dynamics provides a web-based form you can type some URLs into and see how they're categorized: SmartfilterWhere. Unfortunately, it really depends on local site configuration on what is blocked or not though because the admin of the proxy is the one that would actually choose which categories to block. You could see if it came up as something weird like "sex" or "hate speech". Those are generally blocked obviously.
-
Actually, close to it.
I had a nice debate with TQBF on this subject about a year ago.
Take a look at the BSD-derived OS shipped with the Sidewinder firewall, which they call SecureOS™. Secure Computing has compartmentalization implemented in what they call Type Enforcement.
-
Re:Chopping the web into little pieces
On most of the softwares' web sites, you have some sort of "test" section where you can enter an URL and check if it's blocked or not. For example...
SurfWatch's "Test a site" page
CyberPatrol's "CyberNOT Search Engine"
CyberNanny's "Check a site" page
WebSense's "site look up" page
SmartFilter's SmartFilterWhere (this one's pretty nasty as it asks you for some personal info (name, phone, etc.) but I'm not sure if it's absolutely required to fill out those fields).
By the way, I only checked the blocking software mentioned on this peacefire page so if there are others, you're on your own. :-) Oh yeah, and I didn't find any test page for N2H2's Bess.
Greg
-
List of pointers
Here is a collection of pointers (some already listed):
http://bastille-linux.sourceforge.net/
http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
http://i30www.ira.uka.de/SawMill/index.html
http://oss.sgi.com/projects/ob1/index.html
http://soledad.cs.ucdavis.edu/
http://users.ox.ac.uk/~mbeattie/linux/ANNOUNCE.mac30-20000214
http://www.data.slu.se/bifrost/index.en.htm
http://www.guug.de/~winni/posix.1e/
http://www.securecomputing.com/archive/press/2000/nsa_faq_secure_linux.html
-
Library admins need control of blacklist
Right now I am using a computer at my school that passes traffic through a proxy-based filter called Webtrack (née Smartfilter). The software runs on the server rather than the client. I believe the blacklist is self-updating. BUT (and I think this is important) if I find a blacklisted site that I want to access (for legitimate reasons), I can fill out a form, and the Dean of Acad. Services will review it. So far I have successfully gotten Suck.com and theonion.com unblocked. I can understand the university's (and the library's) positions. The public does not need to be subsidizing anybody's porn habits. But I think it is important that final control of the blacklist resides on the local level (rather than with some far off company) and that users can have bad blocks removed.
-
Re:not trying to pick a fight...
In the standard Unix security model, once an attacker is logged in as root, or gets his/her program to run as root, or exploits a weakness in a program that runs as root ... "game over, man, game over".
According to this summary of Sidewinder's system, the only way you can get this level of access is by booting the "administrative kernel", and when the administrative kernel is running, all network connections are disabled. While running the normal "operational kernel", every process can be restricted to handling certain file types and system calls. This way, for example, your netnews server and FTP server can have administrators who can't access one another's files or processes. If, say, a Belgian spy compromises your netnews administrator's account, the spy still couldn't send out anything over FTP.
--
"But, Mulder, the new millennium doesn't begin until January 2001."
-
Better link to "Type Enforcement"
grr. frames.
The correct link is here
--
-
Sounds an awful lot like capabilities to me
Their "Patented Type Enforcement Security" described here sounds an awful lot like the capabilities support already under development for the linux kernel.
The scope of the "type enforcement" implies it would have to be done in the linux kernel. If so, there's going to be a serious licensing question here because there's no way that kind of change can be put in a module.
--