Security with BrickHouse
PRODUCT:
BrickHouse
By Brian Wilson
The BrickHouse Web-server appliance, from SAGE of Amarillo, TX, provides Web, FTP, and email services on a platform designed to be immune to most external attacks.
BrickHouse is aimed at small shops that host their own Web server, but don't want to worry about anyone breaking into their sites. Most likely, these are shops that do not have the resources to secure the server themselves. Fortunately, BrickHouse does most of the work.
The BrickHouse Web server will deliver HTML pages, but as of this version (Beta 1.1.3) it doesn't support CGI scripting, SSL encryption, or virtual hosting (multiple domain names). These features are all planned for a future version of the product targeted at ISPs.
The SAGE approach to security design is twofold. Its process-based security (PBS) model is based on a modified Linux kernel. The PBS system relies on checking the digital signature of each process before it is executed and on constraining each process with a set of rules that determine what system resources it's allowed to use. By contrast, security in a conventional Linux kernel is user-based: if you can fool the kernel into thinking your process is running as "root," it is given full access to all system resources.
The second part of the security model is that BrickHouse is stripped down to only the essential components necessary for operation.
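A toy model of the two process-based checks described above, set beside a user-based check; this is an added example, not SAGE's code. HMAC-SHA256 stands in for the digital signature, and the key, program image, rule format and function names are all assumptions.

```python
import hashlib
import hmac
import posixpath
from dataclasses import dataclass

# Constructed sample data: key, program image and rules are hypothetical.
SIGNING_KEY = b"constructed-demo-key"

def sign(image: bytes) -> bytes:
    """Stand-in for a digital signature: HMAC-SHA256 over the program image."""
    return hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()

@dataclass(frozen=True)
class Rule:
    signature: bytes      # expected signature of the program image
    readable: frozenset   # path prefixes the process may read
    ports: frozenset      # TCP ports the process may bind

HTTPD = b"\x7fELF constructed httpd image"
POLICY = {"httpd": Rule(sign(HTTPD), frozenset({"/www/"}), frozenset({80}))}

def may_exec(name: str, image: bytes) -> bool:
    """Check 1: refuse to run a program that is unknown or has been modified."""
    rule = POLICY.get(name)
    return rule is not None and hmac.compare_digest(rule.signature, sign(image))

def pbs_allows(name: str, action: str, target) -> bool:
    """Check 2: the per-process rule set decides; the uid is never consulted."""
    rule = POLICY.get(name)
    if rule is None:
        return False
    if action == "read":
        path = posixpath.normpath(str(target))  # collapse ../ before matching
        return any(path.startswith(prefix) for prefix in rule.readable)
    if action == "bind":
        return target in rule.ports
    return False  # default deny for anything the rules do not list

def user_based_allows(uid: int, owner_uid: int) -> bool:
    """Conventional model: uid 0 (root) passes every check."""
    return uid == 0 or uid == owner_uid

if __name__ == "__main__":
    print("signed httpd may run:      ", may_exec("httpd", HTTPD))
    print("modified httpd may run:    ", may_exec("httpd", HTTPD + b"patch"))
    print("root reads any file:       ", user_based_allows(0, 1000))
    print("httpd reads /etc/shadow:   ", pbs_allows("httpd", "read", "/etc/shadow"))
```

In the user-based function a process that obtains uid 0 passes every check, while in the process-based functions the answer depends only on which signed program is asking and what its rules list.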