From: Dark Knight <DarkKnight@Elitehackers.org>
To: “William H. Geiger III” <whgiii@invweb.net>
Message Hash: da556809892b807c5254ec44c8d100727f673ed4f6136ca761fdca9553d21952
Message ID: <Pine.LNX.3.96.980602172921.21860A-100000@Nigger.EliteHackers.org>
Reply To: <199806022355.SAA008.18@geiger.com>
UTC Datetime: 1998-06-03 00:42:52 UTC
Raw Date: Tue, 2 Jun 1998 17:42:52 -0700 (PDT)
From: Dark Knight <DarkKnight@Elitehackers.org>
Date: Tue, 2 Jun 1998 17:42:52 -0700 (PDT)
To: "William H. Geiger III" <whgiii@invweb.net>
Subject: Re: WinNT C2?
In-Reply-To: <199806022355.SAA008.18@geiger.com>
Message-ID: <Pine.LNX.3.96.980602172921.21860A-100000@Nigger.EliteHackers.org>
MIME-Version: 1.0
Content-Type: text/plain
>
> >Windows NT4.0 has been tested under the red book spec published by the
> >NCSC. That means in effect, NT is C2 compliant in a stand alone
> >environment. Howver, NT does NOT comply with the orange book spec which
> >defines additional requirements when the machine is used in a networked
> >environment. It *IS* possible for an operating system that is on a
> >networked machine to be C2(Orange Book) compliant. Microsoft has never
> >stated that it is C2 compliant on a network, however their page about C2
> >and NT is poorly worded, and effectively discounts the importance of the
> >Orange Book spec.
Do you know the Redbook specs? From my understanding of the specs to have
a C2 rateing you can't have a NIC card or Disk Drive. But I think you can
have a NIC card in the machine connected to a network that is enrycpted
network. But I could be wrong but I don't forget most of what I read..
>
> >It would be fun to get ahold of the specs from the NCSC.
>
> You have this backward,
>
> The "Red Book": NCSC-TG-005 "Trusted Network Interpretation of the Trusted
> Computer System Evaluation Criteria"
> The "Orange Book": DOD 5200.28-STD "DOD Trusted Computer System Evaluation
> Criteria"
>
> A NT machine to meet DOD 5200.28 C2 rating needs to be seriously crippled
> when comapired to normal operation. No removable media, No Modem, No
> Network Connection, hell pluging the dam thing and turning it on probably
> puts it's C2 rating in jepordy.
>
> The reason M$ downplays their C2 rating is that in average day to day use
> of this OS it does not meet this rating.
>
> NT has never had any RedBook rating and is not certified for use in a
> secure network.
MS is haveing problems meeting the standards and they have alot of work
to do on NT when it comes to Secuirty. Any was see MSN.com today?
|)ark |(night
DEFINITION.
Windows 95: n. 32 bit extensions and a graphical shell for a
16 bit patch to an 8 bit operating system originally coded for
a 4 bit microprocessor, written by a 2 bit company, that can't
stand 1 bit of competition.
Http://www.EliteHackers.org/DarkKnight
Return to June 1998
Return to “Xcott Craver <caj@math.niu.edu>”