Well, since we have the attention of all NT'ers now I have a quick question:

Is there a better way to delete the unwanted shares like c$, d$, admin$
etc... than running a DOS batch file every time an admin logs in?

Thanks
Jean Morissette

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson
> Sent: Thursday, June 03, 1999 8:08 AM
> To: Don Kelloway
> Cc: [EMAIL PROTECTED]
> Subject: Re: Why not NT?
>
>
> On Wed, 2 Jun 1999, Don Kelloway wrote:
>
> > But IMO, I think people are either forgetting or overlooking the fact that
> > the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure and that the
>
> 1.  C2 doesn't mean much at all, executive summary is "Have to log on to
> access the system and it logs that fact."  Discretionary access control
> isn't exactly rocket-science.
>
> Right from the evaluation report itself:
>
>   The TOE implements all of the security enforcing features of Functionality
>   Class F-C2 defined in Scheme Information Notice (SIN) No. 053 [k] which is
>   based on TCSEC [j] Class C2 requirements. These features are:
>
>   a.    mandatory identification and authentication of all users;
>
>   b.    Discretionary Access Control (DAC);
>
>   c.    accountability and auditing; and
>
>   d.    object reuse.
>
> 2. Trusted Solaris has E3/F-B1, does that make it a better firewall
> platform?
>
> 3. The NT 3.51 evaluation was used as a basis for the ITSEC certification.
> According to the ITSEC report, the new SEFs evaluated provide:
>
>    a.  simplified user administration by supporting the configuration of an
>        initial user profile (covering facilities available to the user)
>        established the first time a user logs onto the TOE; and
>
>    b.  simplified system administration by providing a 'system policy'
>        that can be used to configure a number of machines.
>
> Big firewalling properties there!  To be fair, they did peek at a few
> lines of code including some that were previously evaluated.
>
> [off-topic aside follows]
>
> Dredging up the 3.51 report shows an interesting requirement
>
> p.    Each domain and computer within a domain shall be assigned a unique
>       name.
>
> [end of off-topic aside]
>
> The 3.51 evaluation also states the system is supposed to protect against
> access by untrusted Workstations or Domain Controllers, but we've
> historically had Linux boxes with SAMBA take over and refuse to relinquish
> the PDC role accidentally in the past and 3.51 had the whole LM hash
> problem.
>
> > "E3/F-C2" is widely acknowledged to be the highest ITSEC evaluation rating
> > that can be achieved by a general-purpose operating system and "C2" is
>
> Define "general-purpose operating system" and describe how DG/UX at
> _Red_Book_ *B2* doesn't meet that criteria.  (The Red Book includes
> trusted networking for those following along)  Security starts at B1, and
> assurance is really B2 and up.
>
> The gulf between C2 and B2 is far and wide and includes a source code
> review of the Trusted Computing Base.
>
> > widely acknowledged to be the highest TCSEC evaluation rating that can be
> > achieved by a general-purpose operating system.
>
> Firewalls aren't general-purpose computing functions, so I'm not sure the
> argument isn't specious anyway.
>
> The Common Criteria seem to me to be the ISO-9000 of evaluations.
> Correct me if I'm wrong, but under ITSEC and the CC doesn't the
> evaluation team run tests specified/developed by the manufacturer?
>
> I have a much higher general assurance of the TCSEC at B2 and above.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> [EMAIL PROTECTED]      which may have no basis whatsoever in fact."
>
>    PSB#9280
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
