To get even closer to the mark, NT 3.51, standalone, with a book full of
registry changes was certified C2. (This book is available through M$ft btw)
Wayde R. York
[EMAIL PROTECTED]
Web http://www.eds-dlct.com
PGP Key http://pgpkeys.mit.edu:11371
> -----Original Message-----
> From: Lamb Donald [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 23, 1999 6:06 PM
> To: David Markle
> Cc: 'Michael.Owen'; 'firewalls'; 'Peter.Kunz'
> Subject: Re: C2 Security
>
> I believe the National Computer Security Center certified MS Windows NT
> 3.5.1 as C2.....in a standalone system configuration.
>
> David Markle wrote:
> >
> > I really think MS wanted to certify 3.51 with the DoD so they could sell
> > the OS to DoD. The DoD was a large, available market and MS$ft wanted
> it
> > all. I also believe that it was an advertising scheme to bring more
> > customers into their monopoly. Even though the more technical
> engineering
> > person knew better, the decision maker was swayed by the term C2 - WOW.
> >
> > Just my thoughts, though, and I know we are digressing.
> >
> > -----Original Message-----
> > From: Michael.Owen [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, June 23, 1999 11:34 AM
> > To: David.Markle
> > Cc: Michael.Owen; firewalls; Peter.Kunz
> > Subject: RE: C2 Security
> >
> > > We are discussing the US government classification of security levels
> > > DoD levels pertaining to the "Orange Book", written by the US
> > > Department of
> > > Defense, and NSA criteria pertaining to the "Red Book". To be
> > > specific,
> > > Microsoft requested a C2 certifiable security level
> > > from-specifically-the
> > > DoD.
> >
> > Ah. I wasn't aware that in addition to the ITSEC E3 F-C2 certification,
> > they had gone to the DoD for another "possibility of" certification.
> > This strikes me as odd, given that I thought the US Gov't recognised
> > ITSEC classifications, but whatever.
> >
> > Actually, I just checked Microsoft's website, and if you look at
> >
> > http://www.microsoft.com/NTServer/security/exec/feature/c2_security.asp
> >
> > They say that they're currently having NT 4.0 evaluated for
> certification
> > in the TPEP program by SAIC. (This is a full evaluation, not any sort of
> > "hypothetical" one.)
> > (As I'm sure you know, the TPEP program is the NSA sponsored product
> > evaluation scheme which is used for all commercial products being sold
> > to the US government.)
> >
> > (I've read bits of the Orange book, btw, and I agree - it's boring.)
> >
> > > I, absolutely think that better, more robust, standards should
> > > be
> > > devised for the public sector regarding security.
> > > What you say may be true of other nations, however.
> >
> > ITSEC standards are recognied by most of Europe, Canada, and the United
> > States, and are fairly widely used. Trusted Solaris 2.5.1, for example,
> is
> > ITSEC certified. Checkpoint Firewall-1 is ITSEC certified. We're not
> > talking
> > exotic UK only specs here. ;-)
> >
> > None of this changes the fact that most people who understand
> > certification seem impressed by Microsoft's non-networked certificates.
> > (Which was the original point we've been saying over and over, I
> think..)
> >
> > cheers,
> >
> > Michael
> >
> > [EMAIL PROTECTED]
> >
> > << File: RE_ C2 Security.TXT >>
> >
> >
> ------------------------------------------------------------------------
> >
> > Part 1.2 Type: application/ms-tnef
> > Encoding: base64 << File: Card for Donald Lamb >>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
