>A computer system manufacturer has pulled out thier B1 rated systems (OS and
>hardware combo) they are now marketing it as a B1 rated firewall.
Follow these steps:
- Call this vendor
- Ask, "Doesn't the simple act of plugging this box into the
Internet-at-large blow the B1 rating out of the water?"
- If you receive any answer other than 'yes, that's true,' run.
>Does any one know if there are any B1 rated firewall products, or would a B1
>rated OS make a good firewall on its own?.
The tools necessary in a B1-certified environment could certainly lend them-
selves to some firewall tasks; however, many of those tools would be overkill
in a firewall environment.
>Are applications running on a B1 rated system deemed B1?
Not by default. NCSC ratings (C2, B1, etc) are awarded to a *particular
configuration* of both hardware and software. You start adding to (or de-
leting from) that configuration, and your rating goes out the window (as
far as the NCSC is concerned).
>Does the Orange book make any reference to firewalls?
I don't beleive so - not in any significant fashion, that is. I'll have
to check the Red Book (Trusted Network Interpretation) when I get home.