>
> Guys, C2 according to the orange book doesn't say jack about networking.
> Alright? Go read it, and let's burn this silly discussion.
>
> In other words, it is completely *irrelevant* whether or not you have a
> network. Besides the military's idea of a secured network is...
> an argon filled pipe in a triple Faraday cage... etc etc.. So, if that's
> really what you want to talk about, read the right books and *not* the
> orange book which is about host security only.
>
> Chris
Unfortunately, the Orange Book (TCSEC) is generally misunderstood, as is
the military's point of view of security (well, those in the military who
care and have a brain - and I have met quite a few of them world-wide).
The TCSEC is **not** limited to host security. It was created in the late
70's and early 80's, at a time when networking was still relatively
expensive. In fact, if you look at the TCSEC, you will see quite a bit of
discussion of "export". Translate this into any transfer of information
out of the system (disk, tape, network, terminal), although terminals have
some special handling.
From my perspective, the most valuable contribution of the TCSEC is the
concept of assurance. Security doesn't come from features - it comes from
proper implementation of features. Any of the readers who have created
software or hardware (or frankly, made about anything) knows the difficulty
involved in completely modeling, designing, implementing, testing,
documenting and maintaining. And yet if all those steps are not performed
correctly, the product will be of relatively lower quality.
I have one sentence that sums up, from my experience, the TCSEC requirements
for B2 and above. "TCSEC high assurance is nothing more than good
software engineering." Whatever the technological advances of the future,
high assurance methodologies can be applied to creating products
incorporating them, so you will have a pretty good idea that the stuff
works out of the box. This includes networking and databases. (Remember,
the TNI and TDI interpret the criteria of the TCSEC as they apply to
networking and databases respectively. They are not a new or extended set
of requirements.)
It should always be kept in mind that the military are operating under very
strict laws and regulations. I acknowledge that there are some - many many
- in the military (and in education and in computer companies ....) who are
just simply jerks. But what if you were responsible for setting up a
computer network in your company where if any of the information passing
along the wires were compromised, you would be fired, fined and blackballed
in the industry, and your company would suffer significant losses. IN THAT
CASE, I bet that you would be pretty proud that you came up with the idea
of a gas filled pipe in which the wires ran so that no one could tap into
your network.
I have had some direct experience with the military regarding
computers. Area B at Wright-Patterson AFB in the early 80's was filled
with very innovative and far-sighted men and women who, other than their
uniforms and haircuts, could have passed as a member of any advanced
computer technology team in the world. They were fun and exciting to work
with. And a little closer to home, my father-in-law, a retired 2-star
general, was responsible for the first major acquisition and use of
computers in the US military - to manage the logistics of the Marshall Plan
in about 1950. He is one of the finest men I know (and he raised a pretty
nice daughter in the bargain!).
Another common misconception is that the military has braindead rules for
no reason and won't change (I think that I once believed that as well!).
'Tain't so. The military would like to have commercial off the shelf
commodity items that provided a high assurance environment, where they
didn't have to pay an arm and a leg for the stuff. Oh yes - they have to
work as well.
Yet ANOTHER common misconception is that military computers are somehow
"special" and different from commercial computers in the threats that they
face. I don't care if the computer is at Citibank headquarters or the
Pentagon, I will break into it in the same manner (assuming the same
system). And I would guess that the information at most companies is of
equal value to the companies' survival as the military information is to the
survival of the country. In this day and age, maybe the corporate
information is of greater value in many cases to the survival of the
country.
The government has invested a significant amount of capital in
developing current security technology - all should make use of it.
What doesn't apply doesn't apply. Correctness of operation, integrity
of data, confidentiality of sensitive (competitive, whatever)
information, availability of information and process - all of these are
vitally important to commercial and non-commercial environments alike.
Do you want your hospital care controlled by a low assurance computer?
Do you want your banking transactions handled by a low assurance
system? As Home Alone would say, "I don't think so." :-) The
conventional wisdom that C2 is good enough for the commercial world is
a laugh - I consider it more dangerous in many cases than having no
security in your OS. At least in the latter case, you KNOW you have no
security and hopefully take some measures to guard against threats. If
someone thinks that C2 actually does something effective, then they
might relax their guard, to their own detriment. The base policy of
NSA, the agency that evaluates computer security technology, will not
let anyone get near a C2 or B1 system unless they already have
clearance for ALL information that exists on the system. In other
words, they don't trust the system to function properly.
If you are running a C2 system/firewall with some extra features like
ACLs, you can say "Hey! I've got user accounts and passwords and
auditing and access control lists and I'm just fat and happy. Sure, I
don't know whether or not they work, and they probably don't, and I'm
not protected against the major threats to my systems (viruses and
insiders), but C2 is good enough for me!" Take that statement with you to
your next job interview after your company suffers a major loss, or someone
alters your web page to include pornographic material or false claims or
whatever.
I guess I'm just a high assurance bigot.
--
Jon F. Spencer spencerj@rtp.dg.com (uunet!rtp.dg.com!spencerj)
Data General Corp. Phone : (919)248-6246
62 T.W. Alexander Dr, MS #119 FAX : (919)248-6108
Research Triangle Park, NC 27709 Office RTP 121/9
Reality is an illusion - perception is what counts.
No success can compensate for failure at home.
President David O. McKay
***** UCC 1-207 ********