Yes, if your talking of a 'Orange Book' rating, the certification
only involves a single isolated Host.
Microsoft is claiming the ITSEC equivalent of a 'Red Book' C2 rating
which does cover intrusions (DAC, I&A) coming over the Network.
Since the rating is only C2, the question that now needs to be asked is
'What is the limitations of DAC, I&A and Audit of WinNT' since from a
'paranoid' point of view, C2 is really quite limited.
Personal Opinions provided by
Leonard Miyata
Gemini Computers Inc.
On Thu, 13 Mar 1997, Michael S Hines wrote:
>
> I believe the Orange Book ratings revolve around access security and
> activity logging - nothing at all about being proactive with some
> means of Intrusion Detection -- is this correct?
>
> After you have an "incident" you can see what happened... not a lot
> of emphasis on preventing an "incident". Corrrect?
>
> On the other hand, filtering routers and firewalls are designed to
> prevent an "incident"..
>
> Are these views consistent?
>
> Also, the ratings pertain to a box (configured in a particular way)
> on the network - but not an overall evaluation of any particular
> instance of a network. Correct?
>
>
> -----------------------------------------------------------------
> Internet: mshines @
purdue .
edu * Michael S. Hines, CDP, CFE
> Voice: (765) 494-5845 * Sr. Information Systems Auditor
> FAX: (765) 496-1814 * Purdue University
> * 1065 Freehafer Hall
> * West Lafayette, IN 47907-1065
>
References:
-
WinNT and C2
From: "Michael S Hines" <mshines @
purdue .
edu>
|
|
