C2 security seems basically worthless. You can't have any network, and if
a perpetrator has physical access to the machine, he/she can just boot
off a floppy to read your files.
So, if you can't use it with a network as a file server, and if it's
easily compromised with physical access to the machine, what is a
practical example of where C2 is actually useful?
*Opinions my own*
On Wed, 25 Sep 1996, Joseph S. D. Yao wrote:
> Much has been made of NT's "C2" certification. I've heard that it was
> certified without the standard NT file system; and with that file
> system, it can't be certified. Beware.
It will only comply with C2 standards if you are using the NTFS file
system (not FAT or HPFS) and, of course, as a stand-alone machine after
service pack X (7?) is applied with some other holes closed.
[ Bruce M. - Feist Systems, Inc. ]
'DISA information shows that computer attacks on the
Department of Defense are successful 65 percent of the time.
The DoD, despite its problems, probably has one of the strongest
computer security programs in government.' -GAO/T-AIMD-96-108