1998-06-02 - Re: WinNT C2?

Header Data

From: “William H. Geiger III” <whgiii@invweb.net>
To: Jim Tatz <jtatz@chemistry.ohio-state.edu>
Message Hash: 01039f97d1dea095dd9906418db9455324cfe9b9994f8f9fa94f7da2bd83d371
Message ID: <199806022355.SAA008.18@geiger.com>
Reply To: <Pine.GSO.3.93.980602185641.27020B-100000@chemistry.mps.ohio-state.edu>
UTC Datetime: 1998-06-02 23:51:48 UTC
Raw Date: Tue, 2 Jun 1998 16:51:48 -0700 (PDT)

Raw message

From: "William H. Geiger III" <whgiii@invweb.net>
Date: Tue, 2 Jun 1998 16:51:48 -0700 (PDT)
To: Jim Tatz <jtatz@chemistry.ohio-state.edu>
Subject: Re: WinNT C2?
In-Reply-To: <Pine.GSO.3.93.980602185641.27020B-100000@chemistry.mps.ohio-state.edu>
Message-ID: <199806022355.SAA008.18@geiger.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In
<Pine.GSO.3.93.980602185641.27020B-100000@chemistry.mps.ohio-state.edu>,
on 06/02/98 
   at 07:09 PM, Jim Tatz <jtatz@chemistry.ohio-state.edu> said:

>Windows NT4.0 has been tested under the red book spec published by the
>NCSC. That means in effect, NT is C2 compliant in a stand alone
>environment. Howver, NT does NOT comply with the orange book spec which
>defines additional requirements when the machine is used in a networked
>environment. It *IS* possible for an operating system that is on a
>networked machine to be C2(Orange Book) compliant. Microsoft has never
>stated that it is C2 compliant on a network, however their page about C2
>and NT is poorly worded, and effectively discounts the importance of the
>Orange Book spec.

>It would be fun to get ahold of the specs from the NCSC.

You have this backward,

The "Red Book": NCSC-TG-005 "Trusted Network Interpretation of the Trusted
Computer System Evaluation Criteria"

The "Orange Book": DOD 5200.28-STD "DOD Trusted Computer System Evaluation
Criteria"

A NT machine to meet DOD 5200.28 C2 rating needs to be seriously crippled
when comapired to normal operation. No removable media, No Modem, No
Network Connection, hell pluging the dam thing and turning it on probably
puts it's C2 rating in jepordy.

The reason M$ downplays their C2 rating is that in average day to day use
of this OS it does not meet this rating.

NT has never had any RedBook rating and is not certified for use in a
secure network.


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
 
Tag-O-Matic: OS/2 means...CURTAINS for Windows!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNXSQ/I9Co1n+aLhhAQH0/AQAmuhCSKG8mogzfbvq9x7Z90vghRWPOKzJ
4AMffpsPh4mpUnx6VHPLBksa4j3lyUh/67WwqozILzDna1fXfbYu/7eFsWltjw2n
yb1YQKOIhJU+SgbO5kSfakc3oGaKAXElmHDcdTWJdl+g6PShDTM6KXRPgqcMi55I
jfnqVPDKics=
=CPFu
-----END PGP SIGNATURE-----







Thread