On Wed, 2 Jun 1999, Don Kelloway wrote:
> But IMO, I think people are either forgetting or overlooking the fact that
> the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure and that the
1. C2 doesn't mean much at all, executive summary is "Have to log on to
access the system and it logs that fact." Discretionary access control
isn't exactly rocket-science.

Right from the evaluation report itself:

The TOE implements all of the security enforcing features of Functionality
Class F-C2 defined in Scheme Information Notice (SIN) No. 053 [k] which is
based on TCSEC [j] Class C2 requirements. These features are:

a. mandatory identification and authentication of all users;
b. Discretionary Access Control (DAC);
c. accountability and auditing; and
d. object reuse.
2. Trusted Solaris has E3/F-B1, does that make it a better firewall
platform?
3. The NT 3.51 evaluation was used as a basis for the ITSEC certification.
According to the ITSEC report, the new SEFs evaluated provide:
a. simplified user administration by supporting the configuration of an
initial user profile (covering facilities available to the user)
established the first time a user logs onto the TOE; and
b. simplified system administration by providing a 'system policy'
that can be used to configure a number of machines.
Big firewalling properties there! To be fair, they did peek at a few
lines of code including some that were previously evaluated.
[off-topic aside follows]
Dredging up the 3.51 report shows an interesting requirement
p. Each domain and computer within a domain shall be assigned a unique
name.
[end of off-topic aside]
The 3.51 evaluation also states the system is supposed to protect against
access by untrusted Workstations or Domain Controllers, but we've
historically had Linux boxes with SAMBA take over and refuse to relinquish
the PDC role accidentally in the past and 3.51 had the whole LM hash
problem.
> "E3/F-C2" is widely acknowledged to be the highest ITSEC evaluation rating
> that can be achieved by a general-purpose operating system and "C2" is
Define "general-purpose operating system" and describe how DG/UX at
_Red_Book_ *B2* doesn't meet that criteria. (The Red Book includes
trusted networking for those following along) Security starts at B1, and
assurance is really B2 and up.
The gulf between C2 and B2 is far and wide and includes a source code
review of the Trusted Computing Base.
> widely acknowledged to be the highest TCSEC evaluation rating that can be
> achieved by a general-purpose operating system.
Firewalls aren't general-purpose computing functions, so I'm not sure the
argument isn't specious anyway.
The Common Criteria seem to me to be the ISO-9000 of evaluations.
Correct me if I'm wrong, but under ITSEC and the CC doesn't the
evaluation team run tests specified/developed by the manufacturer?
I have a much higher general assurance of the TCSEC at B2 and above.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280