|
(Page 2 of 2) < Prev 1 2 Category: Access Control » Mandatory Access Control my-swatch Added 2003-02-24 my-swatch pretends to be an implementation of msyslog and swatch together. What it pretends to accomplish is put all together, to log events to a remote database (like msyslog), and to awake triggers (like swatch). When a certain condition occurs you can be notified by email and awake certain events, like play a sound. You can also log the event to a remote database and use a Web browser to surf through the logs. Horatio: Authenticated Network Access Added 2002-04-15 The Horatio system is a firewall authentication tool. The premise: legitimate users want to attach laptops and other mobile hosts to the network, but security demands that illegitimate users be prevented from accessing the internal, secure network and from abusing the general Internet. The approach taken by Horatio is to provide a separate, untrusted network that only connects to the internal network (and thus to the Internet) through a firewall that by default does not pass any traffic. When a legitimate user connects his or her host, it is assigned an address by a DHCP server (such as dhcpd), but is unable to contact anything outside the untrusted network. The user must point a Web browser at the Horatio web server, which runs on the firewall machine, and provide a username and password. Once the username and password have been validated, the firewall rules are modified to allow the host access to the rest of the network. DeviceLock Millennium Edition Added 2002-03-27 DeviceLock Me gives network administrators control over which users can access what removable devices (floppies, Magneto-Optical disks, CD-ROMs, ZIPs, etc.) on a local computer. Once DeviceLock Me is installed, administrators can control access to floppies, CD-ROMs or any other device, depending on the time of day and day of the week. DeviceLock Me enhances access control for Windows System Administrators and helps control removable disk usage. It can protect network and local computers against viruses, trojans and other malicious programs often injected from removable disks. Network administrators can also use DeviceLock Me to flush a storage device's buffers. Remote control is also available. Linux IDS Patch (LIDS) Added 2001-10-22 LIDS is a kernel patch and admin tool to enhance the linux kernel security and the implementation of reference monitor in kernel while giving mandatory access control in the kernel LOMAC Added 2001-10-22 The LOMAC Loadable Kernel Module is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. Versions for single-CPU Linux 2.0 and 2.2 kernels are available under the GPL. The LOMAC prototype is still only partially complete, and should be used for experimental purposes only at this time. B1 Sample Source Code Added 2001-10-22 This source code provides a sample implementation of a B1 rated trusted system. This project is aimed squarely at developers interested in implementing trusted systems, the code that comprises this release will not work, it wont even compile. It is provided soley as a reference base for interested parties to investigate. The code has been extracted from the Trusted Irix product and provides an implementation of Manditory Access Control (MAC), Capabilities, Access Control Lists (ALCs), an Audit Trail and supporting networking code, such as netinet, netstat, nfs. The code comprises, kernel code, library code and application code, along with man pages and design and specification documents. Browse by category |
|
|
Privacy Statement |
