| Not a naive question -- or I may be reading into your inquiry more than
is there (paranoia?? me????)
1. If you feel concern that, by supporting ping, MLS+ systems leave
   themselves vulnerable to "discovery" by systems out there trying
   to find you and attempt to break in, then:
   a. Note that you can turn off "node recognition". In MLS+ V2,
      invisibility was the norm. In V3 and V4 you can make
      it so. A V2 MLS+ system discarded net traffic from any system
      that did not have a valid entry in its local TNETRHDB file.
      V3 and V4 provide a "default" entry so that you do not have
      to have a specific entry for every system that is allowed to
      send you traffic -- but you can eliminate the default (system
      is shipped with a default defined :-o) or limit it to
      local IP address classes.
   b. Use a firewall. This is true whether you are vanilla or
      MLS+ if you want to hide nodes. Gateways can also screen
      traffic.
2. If you are concerned about ICMP redirect (instead of just ICMP echo)
   then you should be able to just use fixed arp values. True for
   vanilla too.
3. If you are concerned about turning off IP_FORWARDING, patch
   your kernel and turn it off. (At least that was the way Andy
   figured to do it in V2. It may be a configurable kernel option
   in V3 or V4 for all I know.)
(ref: eft_mls 276)
|
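A small model of the remote-host check described in point 1.a above (discard traffic from unknown senders, optional default entry, default limited to local address ranges), written here as an added example rather than anything from the MLS+ code base; the table layout, the addresses and the network range are constructed, and nothing about the real TNETRHDB format is assumed:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RemoteHostDB:
    """Toy stand-in for a trusted-network remote host table.

    The field layout is assumed for illustration; it is not the TNETRHDB format.
    """
    hosts: frozenset = frozenset()      # explicit entries, one per allowed peer
    default_entry: bool = False         # V3/V4 are described as shipping with one
    default_scope: tuple = ()           # CIDRs the default entry is limited to

    def accepts(self, src: str) -> bool:
        """Decide whether traffic from source address `src` is processed."""
        addr = ip_address(src)
        if str(addr) in self.hosts:
            return True                 # an explicit entry always wins
        if not self.default_entry:
            return False                # V2 behaviour: no entry, traffic discarded
        if not self.default_scope:
            return True                 # unrestricted default: any sender accepted
        return any(addr in ip_network(net) for net in self.default_scope)


def filter_traffic(db: RemoteHostDB, sources):
    """Split a batch of sender addresses into (accepted, discarded) lists."""
    accepted = [s for s in sources if db.accepts(s)]
    discarded = [s for s in sources if not db.accepts(s)]
    return accepted, discarded


# Constructed senders: one listed peer, one unlisted host on the local net,
# one unlisted host from elsewhere (documentation address ranges).
SOURCES = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]
LISTED = frozenset({"192.0.2.10"})

V2_STYLE = RemoteHostDB(hosts=LISTED)                          # no default entry
AS_SHIPPED = RemoteHostDB(hosts=LISTED, default_entry=True)    # default, unrestricted
HARDENED = RemoteHostDB(hosts=LISTED, default_entry=True,
                        default_scope=("192.0.2.0/24",))       # default limited to local net

if __name__ == "__main__":
    for label, db in [("V2 (no default)", V2_STYLE),
                      ("as shipped", AS_SHIPPED),
                      ("default limited to local net", HARDENED)]:
        print(f"{label:30} accepted/discarded = {filter_traffic(db, SOURCES)}")
```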
| Oh, yes, John thanks for reminding me :-)
> If you feel concern that, by supporting ping, MLS+ systems
^^^^^^^^^^
In V3 and V4, ping is a "trusted" application, i.e., an unprivileged
user can issue the command, provided that the user has been given the
"ping" command authorization.
In V2 MLS+, ping had not been modified to be a "trusted" application,
but it was available to the privileged user. An unprivileged user
could not by default issue the ping command (if you wanted unprivileged
users to issue ping, you'd have to give ping itself a granted priv).
In either case, a user on an MLS+ system cannot issue the ping command
unless allowed to do so by the system administrator/ISSO.
So yes, it is truly supported.
(In my earlier reply I was thinking that you meant the other way
around, i.e., does an MLS+ system respond to a ping from another
system: respond with an ICMP echo reply when it gets an ICMP echo
request from another system.)
|