> Date: Tue, 3 Sep 1996 17:01:13 -0700 (PDT)
> From: Robert Hanson <roberth @
cet .
com>
>
> what is intended for "strong" protection then? tia...
About 5 years ago I wrote a short paper entitled "The Myths of C2" which
discussed the misconception about what C2 really is. I'll dig it up and
post it if anyone wants it.
The bottom line is that C2 is designed for one of these two environments:
1) a hardened, restricted environment where everyone on the system or
connected to the system is authorized to see all information on the system,
such as at a military site, or
2) the system and its information is sufficiently unimportant so that
the users are trusted to decide who gets access to what.
Of course C2 security is better than no security, but C2 was never
"designed for commercial use" as is sometimes written in articles and
email. If you are in an environment where the system administrators
want to *enforce* security on the users, B1 and higher security features
are needed. But remember, none of the TCSEC ("Orange Book") security
levels were designed for anything other than military/government use.
It just happens that a lot of the security they specify is general-
purpose and works well in all kinds of environments.
paul
------------------------------------------------------------
Paul McNabb mcnabb @
argus .
cu-online .
com
Argus Systems Group, Inc. TEL 217-384-6300
1405A East Florida Avenue FAX 217-384-6404
Urbana, IL 61801 USA
------------------------------------------------------------
Follow-Ups:
|
|
