1996-03-22 - Re: NT’s C2 rating

Header Data

From: David Loysen <dwl@hnc.com>
To: cypherpunks@toad.com
Message Hash: fb2741c1481abfc8a21b46132e595251494026a479d427f1c1a8a707fda55cfe
Message ID: <199603212223.OAA01460@spike.hnc.com>
Reply To: N/A
UTC Datetime: 1996-03-22 11:42:56 UTC
Raw Date: Fri, 22 Mar 1996 19:42:56 +0800

Raw message

From: David Loysen <dwl@hnc.com>
Date: Fri, 22 Mar 1996 19:42:56 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603212223.OAA01460@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:54 PM 3/21/96 EST, you wrote:
>> configuration can be certified as C2 compliant. The way I read the orange
>> book, no system with a network connection can ever be C2. For that matter a
>> system can't get C2 unless it is in an area where you can control and
>> monitor physical access to the system.
>
>This is incorrect -- you can have a C2 system which has a network
>connection.  Indeed, you can get a B2 rating with a networked system,
>c.f. Multics.
>
>-derek
>
>
>
Well,  I never argue with anyone from MIT..... But.

I don't see any reason a C2 or B2 system can't be networked to another
system(s) with the same classification. But that isn't really what I meant.
Can you make a firewall system that is C2 compliant? Isn't this what you
would need in order to connect a C2 system or network to another non secure
network, (i.e. the internet)?

I do agree that there is no place in the orange book that says "thou shall
not speak ethernet" but can you network a system and be able to "require
that ADP systems that process, store, or use classified data and produce
classified information will, with reasonable dependability, prevent
deliberate or inadvertent access to classified material by unauthorized
persons, and unauthorized manipulation of the computer and its associated
peripheral devices." Which the orange book does say.

I guess "reasonable dependability" is a pretty broad term.

Pardon a newbie here if I am being unusually obtuse, but you can't learn if
you don't ask.


dwl@hnc.com
David Loysen
619-546-8877 x245





