Rabid Wombat wrote:
>
> On Thu, 5 Sep 1996, Jon Spencer wrote:
>
> > > Of course C2 security is better than no security, but C2 was never
> >
> > Welll ....... it is if you understand its limitations. Otherwise ...
> >
>
> WTH does C2 security have to do with a system that should not have any
> user accounts on it, no user access to it?
Nothing. But, it is a good buzzword that can be thrown around to make
it look like you know what you are talking about, when, in fact, if you
run the full suite of C2, you probably have opened up more holes in your
os than if you actually ran a stripped-down, tightly configured, and
heavily controlled system environment.
But C2 is some sort of magic talisman for security. Like MTBE is a good
oxygenate for gasoline. It impresses those that don't know any better.
Of course, if you don't run the system EXACTLY as the qualification
suite specified, the system is not rated at the level you think you are.
--
Bryan D. Boyle | EMAIL: bdboyle @
erenj .
com 908-730-3338
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"They that can give up liberty to obtain a little temporary safety
deserve neither liberty nor safety." - Benjamin Franklin,
Historical Review of Pennsylvania
Follow-Ups:
References:
|
|
