> Maybe. The biggest point for a "secure" OS vs. a "hardened" OS is that I
> might want to be able to audit the actions of the person who has control
> of the firewall system. This isn't a C2 thing, though, as I recall, but
> comes up in the "B" rating. I could be wrong here, as I don't dig into
> the rainbow books so much anymore.
That depends on how you interpret the book. DEC says no. Just about everyone
else (Secureware, Microsoft, etc) says yes, because of 220.127.116.11:
"The TCB shall be able to record the following types of
events: [...] actions taken by computer operators and system
administrators and/or system security officers..."
What Microsoft and Secureware do is security by obscurity. They don't provide
documentation and tools necessary to allow you to dig into the TCB and fiddle
with it. Though I have found a way for Administrator to get read/write access
to the SAM without rebooting in NT. It's not any big secret, I've seen several
other people refer to it... it's like the old cron hole in UNIX many many
> M$ used to ship NT with "everyone" having rights to the system directory.
> This may still be the case, for all I know;
It is on NT 4.0 beta, and on 3.51. The resource kit has a tool that puts your
system into a C2 secure state, but lots of applications stop working and of
course networking is disabled.