I think there's a reg-hack for it, but I can't remember what it is. Check
one of the NT newsgroups.
Brian Steele
-----Original Message-----
From: Jean Morissette <[EMAIL PROTECTED]>
To: Paul D. Robertson <[EMAIL PROTECTED]>; Don Kelloway
<[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, 11 June, 1999 3:12 PM
Subject: RE: Why not NT?
>Well, since we have the attention of all NT'ers now I have a quick
question:
>
>Is there a better way to delete the unwanted shares like c$, d$, admin$
>etc... than running a DOS batch file every time an admin logs in?
>
>Thanks
>Jean Morissette
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson
>> Sent: Thursday, June 03, 1999 8:08 AM
>> To: Don Kelloway
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: Why not NT?
>>
>>
>> On Wed, 2 Jun 1999, Don Kelloway wrote:
>>
>> > But IMO, I think people are either forgetting or overlooking
>> the fact that
>> > the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure
>> and that the
>>
>> 1. C2 doesn't mean much at all, executive summary is "Have to log on to
>> access the system and it logs that fact." Discretionary access control
>> isn't exactly rocket-science.
>>
>> Right from the evaluation report itself:
>>
>> The TOE implements all of the security enforcing features of
>> Functionality
>> Class F-C2 defined in Scheme Information Notice (SIN) No. 053
>> [k] which is
>> based on TCSEC [j] Class C2 requirements. These features are:
>>
>> a. mandatory identification and authentication of all users;
>>
>> b. Discretionary Access Control (DAC);
>>
>> c. accountability and auditing; and
>>
>> d. object reuse.
>>
>> 2. Trusted Solaris has E3/F-B1, does that make it a better firewall
>> platform?
>>
>> 3. The NT 3.51 evaluation was used as a basis for the ITSEC
>> certification.
>> According to the ISEC report, the new SEFs evaluated provide:
>>
>> a. simplified user administration by supporting the
>> configuration of an
>> initial user profile (covering facilities available to the user)
>> established the first time a user logs onto the TOE; and
>>
>> b. simplified system administration by providing a 'system policy'
>> that can be used to configure a number of machines.
>>
>> Big firewalling properties there! To be fair, they did peek at a few
>> lines of code including some that were previously evaluated.
>>
>> [off-topic aside follows]
>>
>> Dredging up the 3.51 report shows an interesting requirement
>>
>> p. Each domain and computer within a domain shall be assigned a unique
>> name.
>>
>> [end of off-topic aside]
>>
>> The 3.51 evaluation also states the system is supposed to protect against
>> access by untrusted Workstations or Domain Controllers, but we've
>> historicly had Linux boxes with SAMBA take over and refuse to relinquish
>> the PDC role accidently in the past and 3.51 had the whole LM hash
>> problem.
>>
>> > "E3/F-C2" is widely acknowledged to be the highest ITSEC
>> evaluation rating
>> > that can be achieved by a general-purpose operating system and "C2" is
>>
>> Define "general-purpose operating system" and describe how DG/UX at
>> _Red_Book_ *B2* doesn't meet that criteria. (The Red Book includes
>> trusted networking for those following along) Security starts at B1, and
>> assurance is really B2 and up.
>>
>> The gulf between C2 and B2 is far and wide and includes a source code
>> review of the Trusted Computing Base.
>>
>> > widely acknowledged to be the highest TCSEC evaluation rating
>> that can be
>> > achieved by a general-purpose operating system.
>>
>> Firewalls aren't general-purpose computing functions, so I'm not sure the
>> argument isn't specious anyway.
>>
>> The Common Criteria seem to me to be the ISO-9000 of evaluations.
>> Correct me if I'm wrong, but under ITSEC and the CC doesn't the
>> evaluation team run tests specified/developed by the manufacturer?
>>
>> I have a much higher general assurance of the TCSEC at B2 and above.
>>
>> Paul
>> ------------------------------------------------------------------
>> -----------
>> Paul D. Robertson "My statements in this message are
>> personal opinions
>> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>>
>> PSB#9280
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
