[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NT's C2 rating

To: [email protected]
Subject: Re: NT's C2 rating
From: David Loysen <[email protected]>
Date: Thu, 21 Mar 1996 10:21:16 -0800
Sender: [email protected]

At 04:53 AM 3/21/96 -0800, you wrote:
>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   
>
>Good questioning.
> 
>> So, what makes it secure?  What gives it the C2 Rating?  How would 
>> one go about getting a C2 rating?
>
>The fine print says its insecure as soon as its connected to a network. 

Ain't nothing fine about that print. An operating system or piece of
hardware may be C2 certifiable. But only a complete system in a specific
configuration can be certified as C2 compliant. The way I read the orange
book, no system with a network connection can ever be C2. For that matter a
system can't get C2 unless it is in an area where you can control and
monitor physical access to the system.

So if you can't hack it over the wire, and you can't remove, rewrite and
replace the kernel because you can't get near the keyboard what's the problem?

[email protected]		
David Loysen		
619-546-8877 x245

Follow-Ups:
- Re: NT's C2 rating
  - From: Derek Atkins <[email protected]>
- Re: NT's C2 rating
  - From: Mark Aldrich <[email protected]>

Prev by Date: Cypherpunk Enquirer Request
Next by Date: New FBI Spy
Prev by thread: Re: NT's C2 rating
Next by thread: Re: NT's C2 rating
Index(es):
- Date
- Thread