[52433] in Cypherpunks
Re: NT's C2 rating
daemon@ATHENA.MIT.EDU (David Loysen)
Thu Mar 21 14:06:01 1996
Date: Thu, 21 Mar 1996 10:21:16 -0800
To: cypherpunks@toad.com
From: David Loysen <dwl@hnc.com>
At 04:53 AM 3/21/96 -0800, you wrote:
>> Basically, I'm now questioning the C2 rating of Windows NT. The
>> entire security layer is modular to the Kernel. As a modular
>> driver, it can be removed, rewritten, and replaced.
>
>Good questioning.
>
>> So, what makes it secure? What gives it the C2 Rating? How would
>> one go about getting a C2 rating?
>
>The fine print says its insecure as soon as its connected to a network.
Ain't nothing fine about that print. An operating system or piece of
hardware may be C2 certifiable. But only a complete system in a specific
configuration can be certified as C2 compliant. The way I read the orange
book, no system with a network connection can ever be C2. For that matter a
system can't get C2 unless it is in an area where you can control and
monitor physical access to the system.
So if you can't hack it over the wire, and you can't remove, rewrite and
replace the kernel because you can't get near the keyboard what's the problem?
dwl@hnc.com
David Loysen
619-546-8877 x245
