Firewalls: RE: summary: firewalls and B2

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	RE: summary: firewalls and B2
From:	Tim Shoemaker <tshoemaker @ normandev . com>
Date:	Thu, 24 Jul 1997 11:42:01 -0400
To:	"'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>

I have a listing of the products (OS's & Network Components) that are
rated at A1, B1, B2, B3, C1, & C2, and nowhere does it mention what
hardware the OS, etc was running on. The only thing mentioned in the
"Orange Book" is the way that the OS handles security measures. This
pertains to firewalls also in the fact that firewalls must have
contingincies that provide security between two areas, and can be
documented to do so.

If you all are interested, I found the B1, B2, etc. rated products at :

http://www.radium.ncsc.mil/tpep/epl/epl-by-class.htn

Also, you can access the "Orange Book" at :

http://www.iss.net

I read the hardcover version, and also have a printed out version. It
goes over all the classifications, but it must be read from the
beginning because many of the definitions rely on the previous rating.

If you have any questions that I can answer, please let me know.

Tim Shoemaker
Technical Support
Norman Development, USA
http://www.norman.com


> ----------
> From: 	Jim Leo[SMTP:ADMIN @
 everett .
 pitt .
 cc .
 nc .
 us]
> Sent: 	Thursday, July 24, 1997 4:54 AM
> To: 	firewalls @
 greatcircle .
 com
> Subject: 	Re: summary: firewalls and B2
>
> OK,
> 	Sorry I started up...
> <rave>
> 	It's just that the vocabulary varies so widely that information
> gleaning is becoming difficult. If certifications for security rely
> on the combination of hardware & operating system then there is no
> such thing as a 'certified' OS. If the certification depends on
> 'access control' then people should say "NT got a C2 certification
> running on "Platform A" with "configuration B" and no network card
> installed.'
> 	All in all I'm beginning to wonder just exactly what the
> certifcation is worth. I've been playing with NT now for about 6
> months ( versions from 3.5 to 4.0sp3, and Citrix Systems WinFrame)
> now and to be honest I find it simpler to misconfigure the NT systems
> than the Linux & Unixware boxes I maintain. Personally, I think all
> of the security aspects reside in the sysadmin's head. If the
> sysadmin is a 'paranoid' then the system will be relatively secure no
> matter what the OS (business requirements excepting) . I can and will
> if at all possible stop the opportunist ( casual knob twiddling ) but
> I can's secure the door against a 'locksmith' or a battering ram.
>
> </rave>
>
> Jim Leo
> admin @
 everett .
 pitt .
 cc .
 nc .
 us
>

Follow-Ups:

Firewall-1 Limitations...
From: Daniel Rubin <djr @ cb-telam . com>
RE: summary: firewalls and B2
From: "Paul D. Robertson" <proberts @ clark . net>

Indexed By Date	Previous:	Re: summary: firewalls and B2 From: Christopher Curtis <ccurtis @ facm . fit . edu>
Indexed By Date	Next:	FW-1's Failover Gateway.... From: Cihan Subasi <csubasi @ garanti . com . tr>
Indexed By Thread	Previous:	Re: summary: firewalls and B2 From: Leonard Miyata <leonard @ geminisecure . com>
Indexed By Thread	Next:	RE: summary: firewalls and B2 From: "Paul D. Robertson" <proberts @ clark . net>