just a quick question about these acronyms thing? Were those configuration tested on
standalone systems???
Sorry for my ignorance, just going by what I think I read once!
Enlighten me please.
Jean Morissette
MCNE
MCSE
-----Original Message-----
From: Don Kelloway [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, June 02, 1999 8:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Why not NT?
Sure, I think we can all agree that an "out-of-the-box" default NT
installation is far from being considered secure.
But IMO, I think people are either forgetting or overlooking the fact that
the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure and that the
installation of a properly configured NT-based firewall on top of such a
system can provide an equally solid, stable, security solution as any
other...
For those who aren't familiar with the acronyms mentioned above:
"E3/F-C2" is widely acknowledged to be the highest ITSEC evaluation rating
that can be achieved by a general-purpose operating system and "C2" is
widely acknowledged to be the highest TCSEC evaluation rating that can be
achieved by a general-purpose operating system.
With regards to NT4's "E3/F-C2" compliance, here's a brief summary:
On April 28th, 1999, the UK Government announced that Microsoft� Windows NT�
Server and Workstation 4.0 had completed a successful evaluation under the
ITSEC regime at the E3/F-C2 level. E3/F-C2 is widely acknowledged to be the
highest ITSEC evaluation rating that can be achieved by a general-purpose
operating system.
For the rest, see http://www.microsoft.com/security/issues/e3fc2summary.asp
Although NT4 is in the process of achieving C2 certification, here's a brief
summary:
On October 2nd, 1998, Microsoft completed a significant milestone in the
evaluation of Microsoft� Windows NT� Server and Workstation 4.0 against the
C2 requirements of the US Government's Trusted Computer System Evaluation
Criteria (TCSEC). C2 is widely acknowledged to be the highest TCSEC
evaluation rating that can be achieved by a general-purpose operating
system.
For the rest, see http://www.microsoft.com/security/issues/c2summary.asp
In closing and for those who may be unaware, there *are* established
procedures available to insure that the NT4 op/sys can be made ITSEC E3/F-C2
compliant. Just download the following document at
http://www.microsoft.com/security/downloads/ITSEC_NT4.0_Installation.EXE
Best Regards,
Donald Kelloway
Escalations Engineer
Elron Software, Internet Products Division
One Cambridge Center, 11th Floor
Cambridge MA 02142
800-767-6683 or 617-914-5000
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
