From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 10:13:40 +0800
To: cypherpunks@toad.com
Subject: Microsoft's papers on NT C2 thang
Message-ID: <Pine.ULT.3.91.960112175053.29691A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Oops, signature is only valid if the > 80 column line is preserved]
-----BEGIN PGP SIGNED MESSAGE-----

I'd appreciate it if someone could critique these papers for me, probably
off the list. 

[Note that 198.105.232.5 is just one of the IP addresses being 
load-balanced by www.microsoft.com. The servers seem to crash a lot with 
the current Gibraltar beta, so if one IP address doesn't work (like .5 
isn't responding to pings right now), try another and it will work.]

- -rich

- ---------- Forwarded message ----------
Date: 12 Jan 1996 11:22:38 -0600
From: Richard P. Bainter <pug@arlut.utexas.edu>
Newgroups: comp.security.misc, alt.security,
    comp.os.ms-windows.networking.misc,
    comp.os.ms-windows.networking.windows,
    comp.os.ms-windows.nt.admin.networking
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)

In article <t6d9w0JfFigb089yn@oslonett.no>,
Rune Moberg <mobergru@oslonett.no> wrote:
>>This is true. In fact NT was never C2-certified as any kind of network 
>>server at all, but only as a standalone workstation.
>I read a statement made by MS, that it doesn't matter, because if NT is
>proved to be C2 secure in a standalone configuration, then it's secure
>on the network as well. 

You believe everything MS tells you?! How naive.

>C2 security, AFAIK, also requires that the server is protected (controlled
>access). Once you have physical access to a machine, you could open it,
>put in a floppy or hard drive, and access anything you'd like to on the
>machine in question (with a disk editor, or with a fresh installation of
>the OS in question). Atleast that's the only way I can think of to break in
>on a NT Server.

Otay, let me see. The server is protected if you aren't hooked up to a
network. That implies *nothing* about the fact when a network is plugged
into it. If I'm sitting at the console and have to enter a password to
do things, doesn't mean I have to enter one from the network when I
mount the entire disk. (Even if that is not the true case.)

There are orange, red and blue books. This is all well pointed out on:

http://www.windows.microsoft.com/TechNet/boes/bo/winntas/technote/security.htm

What has Microsoft actually passed? I had heard it was only Orange book
C2 and not Red book C2.

Micrsoft also points it out on:

http://198.105.232.5/NTServer/c2bltn.htm

Ciao,

- -- 
Richard Bainter          Mundanely     |    OS Specialist         - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
   pug@arlut.utexas.edu     |     pug@eden.com     |     {any user}@pug.net
Note: The views may not reflect my employers, or even my own for that matter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPcRpI3DXUbM57SdAQFbWgP9HrpdsuC/p3iURubYobgXRXlvlmrRgJot
5kDBCOrDHRtyjXQj7n0CLU6TsEpTLR2ZfTGNUrKoc2lE1q0+PSzF4WpOyywNKULw
StB8d+0n0NPuN2Bcbb7mO0M0VbE9khL5CYrcfWB5FR6JPfXU18cfSTXCROgGu4U9
ASvbxOkVLeM=
=L7so
-----END PGP SIGNATURE-----