TCSEC and firewalls

Magosanyi Arpad (magbunuel.tii.matav.hu)
Mon, 28 Jun 1999 10:07:49 +0200

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Dan White: "add me to your mailing list pls"
• Previous message: David C Niemi: "RE: Firewall performance"
• Next in thread: LeGrow, Matt: "RE: TCSEC and firewalls"
• Maybe reply: LeGrow, Matt: "RE: TCSEC and firewalls"
• Reply: Rick Smith: "Re: TCSEC and firewalls"

Hi!

I have just read the TCSEC interpretation for a networked environment.
(The document called NCSC-TG-005)

There are some questions left (maybe I was not read carefully enough):

-What is the DAC functionality regarding a firewall? Is the ability of
the firewall administrator to define the access list for a communication
channel is the DAC functionality? Or is it completely outside the
scope of network perimeter defense?

-Is it sensible for a data to have different labels in different points
of the transmission path depending on the properties of the transmission medium?

-How would you define the MAC labels' non-hierarchical categories part
in a corporate environment? Should they refer to the organizational units?
Should they refer to some aspects of the IT infrastructure (and then how they
glued into a comprehensive representation in the level of the corporate NTCB)?

-There are only vague references to cryptography in the document. How should
I express (in the terms of TCSEC) the need that the protection of the
transmitted data should be proportional to its sensitivity label in the
whole transmission path either by cryptography or phisical security?

-- 
GNU GPL: csak tiszta forrásból

• Next message: Dan White: "add me to your mailing list pls"
• Previous message: David C Niemi: "RE: Firewall performance"
• Next in thread: LeGrow, Matt: "RE: TCSEC and firewalls"
• Maybe reply: LeGrow, Matt: "RE: TCSEC and firewalls"
• Reply: Rick Smith: "Re: TCSEC and firewalls"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:01 CDT