I have a listing of the products (OS's & Network Components) that are
rated at A1, B1, B2, B3, C1, & C2, and nowhere does it mention what
hardware the OS, etc was running on. The only thing mentioned in the
"Orange Book" is the way that the OS handles security measures. This
pertains to firewalls also in the fact that firewalls must have
contingincies that provide security between two areas, and can be
documented to do so.
If you all are interested, I found the B1, B2, etc. rated products at :
Also, you can access the "Orange Book" at :
I read the hardcover version, and also have a printed out version. It
goes over all the classifications, but it must be read from the
beginning because many of the definitions rely on the previous rating.
If you have any questions that I can answer, please let me know.
Norman Development, USA
> From: Jim Leo[SMTP:ADMIN @
> Sent: Thursday, July 24, 1997 4:54 AM
> To: firewalls @
> Subject: Re: summary: firewalls and B2
> Sorry I started up...
> It's just that the vocabulary varies so widely that information
> gleaning is becoming difficult. If certifications for security rely
> on the combination of hardware & operating system then there is no
> such thing as a 'certified' OS. If the certification depends on
> 'access control' then people should say "NT got a C2 certification
> running on "Platform A" with "configuration B" and no network card
> All in all I'm beginning to wonder just exactly what the
> certifcation is worth. I've been playing with NT now for about 6
> months ( versions from 3.5 to 4.0sp3, and Citrix Systems WinFrame)
> now and to be honest I find it simpler to misconfigure the NT systems
> than the Linux & Unixware boxes I maintain. Personally, I think all
> of the security aspects reside in the sysadmin's head. If the
> sysadmin is a 'paranoid' then the system will be relatively secure no
> matter what the OS (business requirements excepting) . I can and will
> if at all possible stop the opportunist ( casual knob twiddling ) but
> I can's secure the door against a 'locksmith' or a battering ram.
> Jim Leo
> admin @