1993-11-12 - Re: Mounting a “Secure” filesystem in UNIX

Header Data

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
To: pmetzger@lehman.com
Message Hash: d6d746a29022325dca8b6dffc901bb89ad7060ef7f70c96ba2c1367fac0ffad6
Message ID: <199311121921.AA09914@poboy.b17c.ingr.com>
Reply To: <9311121848.AA03516@snark.lehman.com>
UTC Datetime: 1993-11-12 19:23:45 UTC
Raw Date: Fri, 12 Nov 93 11:23:45 PST

Raw message

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 12 Nov 93 11:23:45 PST
To: pmetzger@lehman.com
Subject: Re: Mounting a "Secure" filesystem in UNIX
In-Reply-To: <9311121848.AA03516@snark.lehman.com>
Message-ID: <199311121921.AA09914@poboy.b17c.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Not that I'm a Windows/NT fan- quite the contrary; although my
employer is the largest NT developer in the world behind Microsoft, I
personally want no part of NT.

> The security properties of Windows/NT are currently unknown since it
> has seen little real torture testing. 

NT is presently being evaluated by the NCSC for C2 status.

> The NT security mechanisms are also more complicated,
> which in my opinion means there are more potential bugs. 

Absolutely correct. However, I take some comfort from the fact that
Dave Cutler, of VMS fame, was the principal engineer on NT. For all
its (myriad) other faults, VMS is fairly secure out of the box.

> NT is a closed system, and there is no way to personally verify that
> code does what you think it should. I think its best to depend only on
> source available systems for security if possible.

NT doesn't have source available. Neither does SunOS. Both support the
same set of "open computing" protocols, so saying NT is closed is
specious at best.

Like the theoretical capacity of an optical fiber, using
source-available OSs as the bedrock for your own secure system is
wonderful in theory but extremely limiting in practice.

- -Paul

- -- 
Paul Robichaux, KD4JZG     | Caution: cutting edge is sharp. Avoid contact.
Intergraph Federal Systems | Be a cryptography user - ask me how.
	    ** Of course I don't speak for Intergraph. **


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLOPh3iA78To+806NAQHmiwQAtb2x4xqaFa+l35IIDCMm/BSQxzW3uoUT
HFXCqcUQNv7NZpOZ7J5wAkz39av/etcRFG908cPg0Hw3C5nUP6FooOegfiNicG41
lvsghouOMVKdz6vHIN32xccyVwDO9jTAIuIJmP/85IZInWtZhYYs9GO//EyTddKf
SlfpYLDCCQc=
=1unt
-----END PGP SIGNATURE-----





Thread