 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  Peter Curran <peter at closeconsultants dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Re: [m0n0wall] Restriction Modifications
 Date:  Mon, 27 Sep 2004 09:12:15 -0300
Hi Peter,

	m0n0wall is almost certifiable. The only problems I got were:

- Console protection (patch I have already done)
- Ability to disable remote administration tool (already patched too)
- Register unsuccessful and successful logins (I am working on it, and I am
having problems registering the webGui logins. Console ones are ok).
- Register modification (what time, and who did it) of significant security
parameters (firewall rules) (not done, but very easy to do, it is just
implementing a logging function and calling it inside the firewall webGui pages).

	Probably there are a few more, but without this I can't even start our 
internal tests for certification.


Peter Curran wrote:
> Chris
> I had a quick look at the ICSA docs on your site, but there is too much for me 
> to look at the detail at the moment.  In your opinion, apart from the console 
> lock-down issue, what else would have to be done to make m0n0 ICSA-compliant?
> Peter
>>With the console open, it would fail this specific ICSA objective:
>>ST1 - Administrative Access Testing - The Candidate Firewall Product
>>must demonstrate through testing that no unauthorized control of its
>>Administrative Functions can be obtained.
>>m0n0wall would be the only non-commercial ICSA certified firewall if
>>the project that's considering paying for it worked out.  I think it
>>would be great for the project, give it some 3rd party credibility.
>>It's not cheap though, at about $25K USD per year to maintain