> From firewalls-owner @
GreatCircle .
COM Wed Jul 27 23:31:44 1994
> From: Christopher Klaus <cklaus @
shadow .
net>
> Subject: Re: NCSC ratings
> To: morgan @
engr .
uky .
edu (Wes Morgan)
> Date: Wed, 27 Jul 94 12:30:58 EDT
> Cc: firewalls @
GreatCircle .
COM
> X-Mailer: ELM [version 2.3 PL0]
> Sender: Firewalls-Owner @
GreatCircle .
COM
> Content-Length: 1523
>
> >
> >
> > > ted> Hold the phone there cheif. As I recall AIX 3 exceeds the
> > > ted> Department of Defence C2 security rating.
> >
> > Remember, folks, these ratings are basically meaningless as soon
> > as you plug the box into an insecure network. The NCSC ratings
> > are awarded to *particular configurations* of hardware and soft-
> > ware, not to a generic OS distribution.
> >
> > I really ticked off an IBM salesman once by pointing this out,
> > as he was expounding upon the "highest security rating" enjoyed
> > by his product. 8)
>
> Looks like all the ratings and such arent helping the military:
>
> The Sun Herald, 22 July 1994
>
> PENTAGON UNABLE TO CATCH INTERNET HACKERS
>
>
> Washington -
>
> For seven months the Pentagon has been unable to locate hackers tapping
> into its unclassified computer system, officials said Thursday.
>
> Defense Department officials have known since December that intruders
> in the United States and abroad have gained access to Pentagon computer
> files through the Internet and, in some cases, stolen, altered and erased
> records. But despite a security budget in the "hundreds of millions of
> dollars," the Pentagon has been unable to close the breach.
>
>
>
> --- With hundreds of millions of dollars, you think they could install
> a firewall?
>
> Chris
>
> --
> Christopher William Klaus <cklaus @
shadow .
net> <iss @
shadow .
net>
> Internet Security Systems, Inc. Computer Security Consulting
> 2209 Summit Place Drive, Penetration Analysis of Networks
> Atlanta,GA 30350-2430. (404)998-5871.
>
Follow-Ups:
|
|
