In article <006e01bead58$79709060$[EMAIL PROTECTED]>,
Don Kelloway <[EMAIL PROTECTED]> wrote:
>But IMO, I think people are either forgetting or overlooking the fact that
>the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure

IIRC, the only version of NT that has been evaluated to be "C2" secure is
a specific version of NT 3.5, with floppy drives and NETWORK PORTS removed.
This C2 rating has no relevance to either NT 4.0 or to firewalls.

>"E3/F-C2" is widely acknowledged to be the highest ITSEC evaluation rating
>that can be achieved by a general-purpose operating system and "C2" is
>widely acknowledged to be the highest TCSEC evaluation rating that can be
>achieved by a general-purpose operating system.

C2 is about the lowest TCSEC rating that's worth actually paying attention
to. Apart from the auditing requirements, a plain vanilla Linux box could
meet C2 if it were evaluated, and if you turn on enough NT audit logs to be
worth anything you've just added another layer of instability to the system,
because NT falls over when they fill up.

For a firewall, these ratings only become interesting when you look at
the B ratings and the compartmentalization they bring. Below that, whether
the firewall OS is "rated" or not is almost irrelevant.

--
In hoc signo hack, Peter da Silva <[EMAIL PROTECTED]>
`-_-' Ar rug tú barróg ar do mhactíre inniu?
'U` "Be vewy vewy quiet...I'm hunting Jedi." -- Darth Fudd