Great Circle Associates Firewalls
(August 1996)
 

Subject: Re: Is any O.S. w/IP enabled C2 certified?
From: spencerj @ dg-rtp . dg . com (Jon Spencer)
Date: Thu, 1 Aug 1996 21:35:19 -0400 (EDT)
To: jturner @ loki . aetc . af . mil (John "J.T." Turner - HQ AETC/SCTS)
Cc: Darwin_Martinez @ ins . com, noorder @ shire . btg . com, firewalls @ greatcircle . com
In-reply-to: <m0um2FB-0004wzC @ loki . aetc . af . mil> from "John "J.T." Turner - HQ AETC/SCTS" at Aug 1, 96 01:13:00 pm

> 
> > On Aug 1, 11:43am, Darwin Martinez wrote:
> > > Subject: Re: Is any O.S. w/IP enabled C2 certified?
> > > Recall, however, that even though NT/HPUX/etc. may be C2 certified, it is
> > > certified at the box level only, not the network level.
> > >
> > 
> > Correct, but that is because the Orange book definition of C-2 doesn't
> > have any network requirements.  (someone please correct me if I am
> > wrong)  I didn't think that network requirements came into play until
> > the B levels, notably B-1.
> 
> Actually, there is a different book entirely that deals with the network:
> "Trusted Network Interpretation" (NCSC-TG-005) and "Trusted Network
> Interpretation Environments Guideline - Guidance for applying the Trusted
> Network Interpretation" (NCSC-TG-011), commonly known as the "Red Book".
> (As far as which one is the "Red" book, they're both red and essentially
> deal with the same subject.)
> --
> John Turner, jturner @ loki . aetc . af . mil
> 

The TNI (005) is the Red Book.

The Orange Book deals only with base concepts not specifically addressing
networking or databases at any level (C1-C2-B1-B2-B3-A1).  The TNI gives
the explanation of what it means to apply the TCSEC (Orange) criteria to
networking environments.  Originally, in practice the TNI only applied to
homogeneous networks (basically, all the systems the same).
The B2 and above requirements, especially "covert channels", caused lots of
headaches.  However, they extended this to cover real-world situations (i.e.,
networks of different systems).

Note that the only official criteria are stated in the TCSEC, and the TNI
is only an interpretation for networks (and the TDI - Trusted Database
Interpretation - an interpretation for databases, where they have fun
problems associated with aggregation of data and inferences).

So you can have a C2 TCSEC eval or C2 TNI eval or a C2 TDI eval.  We are
in a B2 TNI eval and our partner is in a B2 TDI eval on top of ours.  And
yes, I believe that C2 NT includes IP, but does not include the floppy disk
and lots of other real world things.


-- 
Jon F. Spencer   spencerj @ rtp . dg . com  (uunet!rtp.dg.com!spencerj)
Data General Corp.                  Phone : (919)248-6246
62 T.W. Alexander Dr, MS #119       FAX   : (919)248-6108
Research Triangle Park, NC  27709   Office RTP 121/9

	Reality is an illusion - perception is what counts.

	No success can compensate for failure at home.
			President David O. McKay

***** UCC 1-207 ********

