Cris wrote:
>NT 3.5 w/ sp3 is the only currently certified release of NT at the C2 level.
>NT is only C2 certified with NO networking at all.
That is what I thought but was not sure (not even sure what state I'll be in
tomorrow or what country on Friday) since I do not have time to verify
everything.
IMNSHO "C2 in '92" was a good buzzword, but just about all of the serious
attacks I have seen (including the Netscape troubles) are in what is
referred to as "Covert Channels" (see "A Guide To Understanding Covert
Channel Analysis of Trusted Systems" NCSC-TG-030 - the pale pinkish book -
note that this is somewhat different from the original "Orange Book").
These are mechanisms that can convey commands that are not supposed
to convey commands. This, like the separation of security from admin (foils
"get root, delete logs" attacks), is not addressed until the B2 level.
Not to belittle C2 but it really has meaning more in the stand-alone/
multiple users environment where controls may be placed on privileges
and access but things such as disk scavenging need not be addressed.
Thus while C2 is nice, I do not consider it adequate for protection from
a directed attack from a network or a low level attack on itself.
Not to say the ring structure of an Intel processor could not be the basis
for a B2 system, just that I put a lot of emphasis on the amount of trust
a vendor has earned through past actions. Does "I wouldn't trust them
to protect a box of used kitty litter" express an opinion to you?
Warmly,
Padgett