|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Windows NT 4.0 and C2 - New certs
Subject: Re: Windows NT 4.0 and C2 - New certs
From: Paul L Schmehl (pauls
UTDALLAS.EDU)
Date: Fri Dec 03 1999 - 16:49:30 CST
- Next message: Scott Morizot: "Re: Windows NT 4.0 and C2 - New certs"
- Previous message: Arthur B.: "Re: Windows NT 4.0 and C2 - New certs"
- In reply to: Kevin_E_WetzelNOTES.TCS.TREAS.GOV: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: John Howie: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: Scott Morizot: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: Anonymous Anonymous: "Re: Windows NT 4.0 and C2 - New certs"
- Reply: Paul L Schmehl: "Re: Windows NT 4.0 and C2 - New certs"
- Reply: John Howie: "Re: Windows NT 4.0 and C2 - New certs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a common misperception which is repeated by *nix lovers over and
over again. NT 3.51 received C2 cert *for the OS*, a setup which is very
common and which a number of *nixes have also received. (Most certified
*nix systems are either C2/OS or B1/OS.) It's simply easier and less work
(and cost) to get certified that way than it is to certify an entire
network.
AAMOF, the only *networking* system that I'm aware of having received a C2
cert is Novell's Netware 4 system. I know that Boeing Corp received an A1
cert for their entire network, an accomplishment that is very rare.
Furthermore, for an entire network system to be C2 certified, it would have
to have the *exact same* hardware and configuration, down to the network
interface cards, the switches, etc., that the qualifying OS had when it
received the certification, something which is next to impossible to
sustainably achieve.
As to whether or not NT 4.x is *actually capable* of C2 level security, I
guess you would have to question the government agency that does the
certification. Apparently *they* thought it was. Or perhaps you believe
they're willing to hand out certs in return for favors?
No OS is secure out of the box. They have to be configured carefully to
get a C2 cert.
Paul L. Schmehl, paulsutdallas.edu
Technical Support Services Manager
The University of Texas at Dallas
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Scott Morizot: "Re: Windows NT 4.0 and C2 - New certs"
- Previous message: Arthur B.: "Re: Windows NT 4.0 and C2 - New certs"
- In reply to: Kevin_E_WetzelNOTES.TCS.TREAS.GOV: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: John Howie: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: Scott Morizot: "Re: Windows NT 4.0 and C2 - New certs"
- Next in thread: Anonymous Anonymous: "Re: Windows NT 4.0 and C2 - New certs"
- Reply: Paul L Schmehl: "Re: Windows NT 4.0 and C2 - New certs"
- Reply: John Howie: "Re: Windows NT 4.0 and C2 - New certs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Fri Dec 03 1999 - 18:16:02 CST