Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting Yo

from [Steven Jones] Network Security [Permanent Link]
Subject: RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk
Date: Mon, 27 Feb 2006 09:51:44 +1300 
The answer should be obvious,

Most people don't want security at any cost, otherwise most people would
not be running a MS OS.

The answer is a balance of cost, usability and security. The service has
to be affordable when looked at in TCO terms. Ie yes, risk of being
hacked has to be considered as part of business risk/impact on the life
cycle, but it is usully not the be all and end all.

Also add in getting applications to run well on an anally retentative
system can be hard work, the performance if lots of logging is done can
kill i/o....so often the hardware costs more....ie bigger disks or
better still a separate i/o channel for logging and 2 disks
minimum.......

So while there will be organisations that want these high levels of
security these are so few that the economics of specialist OSes is not
there....

Regards

Steven



-----Original Message-----
From: Craig Wright [mailto:cwright@bdosyd.com.au] 
Sent: Friday, 24 February 2006 12:56 p.m.
To: dave kleiman; security-basics@securityfocus.com
Subject: Sun cans Trusted Solaris, was Why Easy To Use Software Is
Putting You At Risk




Hello,
Many people on the list have the idea that people want secure software
at any cost.


Sun have produced a very good product - Trusted solaris for a long time.
I would like people to answer me (if they can) why they have decided to
stop producing it. To explain why, if everyone wants secure by design
software they are not willing to pay the extra cost to obtain it and
thus why Sun is going to no longer support this OS.

Trusted Solaris has an EAL 4+ rating, supports MAC and RBAC and has a
verified architecture.

Instead Sun will add ECC (elliptice curve crypto) to the existing
versions of Solaris.

Flames welcome, please explain why more people are not implementing a
provably more secure system when it is available.

Regards
Craig S Wright

See:
http://www.infoworld.com/article/06/02/13/75309_HNendtrustedsolaris_1.ht
ml

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy. 


Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re[2]: MS in information security, Vladimir B. Kropotov
Next by Date:  Proximity of DR Sites & U.S. City Hazards, lists@infostruct.net
Previous by Thread:  Re: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk, b . hines
Next by Thread:  Re: RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk, jchambers
Indexes:  [Date] [Thread] [Top] [All Lists]