Hi,
> A1 - Verified Design. The highest level demands formal security verification
> methods to ensure that security controls protect classified and other
> sensitive information. Even the National Security Agency cannot break in.
>
> B3 - Security Domains. This level is intended to protect systems from people
> with programming experience.
>
> B2 - Structured Protection. Hackers should not be able to break into a
> system with B2-level security.
>
> B1 - Labeled Protection. At this level, a really good hacker could possible
> break in, but users can't.
>
> C2 - Controlled Access Protection. C2 provides protection for log-in
> procedures, allows auditing of security-relevant events, and offers resource
> isolation.
>
> C1 - Discretionary Protection. This level enables users to set access
> controls to protect private or project information.
>
> D - Minimal Protection. The lowest level is reserved for systems that have
> been evaluated but have failed to meet the requirements for a higher
> evaluation class.
sorry, this is not very usefull... "Users" "Hackers" "peaple with programming
experience" "NSA" is not a usefull (nor realistic) atributation(sp?) for
secrity classes.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels @
Wittumstrasse13 .
76646Bruchsal .
de --
( .. ) ecki @
{lina .
inka .
de,linux.de} http://home.pages.de/~eckes/
o--o *plush* 2048/A2C51749 eckes @
irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
Follow-Ups:
-
Re: C2 Myths
From: Leonard Miyata <leonard @
geminisecure .
com>
References:
-
C2 Myths
From: Christopher Klaus <cklaus @
iss .
net>
|
|
