From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 10:27:03 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Rigs Win NT to B
In-Reply-To: <199601090127.CAA14816@utopia.hacktic.nl>
Message-ID: <Pine.ULT.3.91.960108180923.24578B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jan 1996, Anonymous wrote:

> including Top Secret.  Windows NT was originally designed
> with security in mind.  A NSA evaluation team has
> determined that Windows NT 3.5 with Service Pack 3
> satisfies all class C-2 security requirements.  B-level
> of security strengthens the C2 level security features
> while providing stricter system assurances.

This is misleading at best. Windows NT is certified C2 as a standalone
workstation only. It has not been tested or certified for networked
environments. The fact that NT lets you know when you have attempted a
login as a user does not exist, without asking for a password, would
clearly disqualify NT Server from a C2 rating in a network environment, 
at least when NetWare services are used. 

Real NetWare servers do qualify for a C2 rating. 

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html