From owner-freebsd-security Wed Aug 8 4:30: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id DB9C437B413; Wed, 8 Aug 2001 04:29:58 -0700 (PDT) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id f78BTqQ60215; Wed, 8 Aug 2001 21:29:52 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-138.aipo.gov.au(192.168.1.138) by pericles.IPAustralia.gov.au via smap (V2.1) id xma060213; Wed, 8 Aug 01 21:29:50 +1000 Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.11.1/8.11.1) id f78BTp900605; Wed, 8 Aug 2001 21:29:51 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Wed, 8 Aug 2001 21:29:50 +1000 From: Stanley Hopcroft To: ISP@FreeBSD.ORG Cc: Security@FreeBSD.ORG Subject: Having a FreeBSD based firewall approved for Australian Government use (getting on EPL) Message-ID: <20010808212948.A575@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Ladies and Gentlemen, I am writing to invite expressions of interest from those who may wish to help pay the fee to have FreeBSD and other open source software evaluated and approved as firewall products for Australian Government use (products that meet the 'common criteria' at the E3 level and have been independently validated - that's the fee part - and so become part of the 'Endorsed Product List [EPL]). The background is that my employer has been a happy user of a FreeBSD based firewall for some years but with a change to a more risk averse and ignorant management, the cost of the firewall is being compared to outsourcing the service, or replacing it by a Commonwealth of Australia approved firewall (an E3 rated product from the EPL). Such products include PIX (?? maybe E1 only) and Gauntlet. Maybe Firewall-1. Part of the attraction of having FreeBSD on the EPL is commercial products drop of the EPL at the whim of the vendor, and one is faced with the prospect of doing it all gain with a different product. A very sensible man has suggested that the cost of hardware, approved software and setup may in fact approach the A $100k for the evaluation fee (the evaluation is __not__ like the Orange book approach. An E3 rating means something like an inspection of the source has shown evidence of software engineering principles). Obviously we will only proceed if we find we can save money by using software that we like and have found trustworthy. We would submit FreeBSD RELEASE and some other famous name software for evaluation (and reevaluation when the software changes). The TrustedBSD project is obviously an alternative and probably superior approach but we cannot afford to wait for its release. Should anyone be interested in a consortium approach to having FreeBSD being approved for the Australian EPL, or wish to share any advice about this matter, please let me know. Thank you, Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ Reclaimer, spare that tree! Take not a single bit! It used to point to me, Now I'm protecting it. It was the reader's CONS That made it, paired by dot; Now, GC, for the nonce, Thou shalt reclaim it not. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message