[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
C2 rating of NT
Date: Thu, 21 Mar 1996 08:09:14 -0500 (EST)
From: Mark Aldrich <[email protected]>
To: [email protected]
Subject: Re: your mail
On Wed, 20 Mar 1996 [email protected] wrote:
<snip>
>
> Basically, I'm now questioning the C2 rating of Windows NT. The
> entire security layer is modular to the Kernel. As a modular
> driver, it can be removed, rewritten, and replaced.
>
> So, what makes it secure? What gives it the C2 Rating? How would
> one go about getting a C2 rating?
Politics make it C2. The DoD mandated, years ago, that all their OSs had
to go to the C2 level of trust. Further, they had also mandated POSIX
compliance in just about every procurement that they had to publish in CBD.
Well, they then proceeded to ignore their own policy and they bought MS
DOS all over the damn place because everyone wanted the stuff just like
they have at home. You can't play DOOM on SCO UNIX, ya know...
So, in order to not look like a bunch of incoherent IRM loosers, they
effectively forced the C2 and POSIX compliance stickers onto Windows NT
even though everyone (including some nameless NCSC personnel with whom
I've spoken) clearly state that C2/POSIX and MS Windows NT is an
oxymoron. Now everyone can claim to be running C2 and POSIX systems,
even though, by admission of MS, you can't have NT configured for both at
the same time.
Duhhhhhh...
-------------------------------------------------------------------------
| Liberty is truly dead |Mark Aldrich |
| when the slaves are willing |GRCI INFOSEC Engineering |
| to forge their own chains. |[email protected] |
| STOP THE CDA NOW! |[email protected] |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger [email protected] |
| The opinions expressed herein are strictly those of the author |
| and my employer gets no credit for them whatsoever. |
-------------------------------------------------------------------------