Message-ID: <40AA95CB.5995.307F71AB@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Support the Sasser-author fund started
Valdis.Kletnieks@...edu to me:
> Actually reading what C2 *required* is quite enlightening.
More "worrying" given that MS' focus on getting C2 certified was to be
able to bid for the "more lucrative" DoD and related contracts that
required C2-level systems (no matter how arbitrarily -- incredibly few
of them were ever actually configured and run at C2).
> Code identified as a 'Trusted Computing Base'. Identification of specific
> users.. discretionary access controls.. an audit trail.. object clearing before
> reuse.. Testing for *obvious* flaws..
>
> Yep, that's about it. ...
"Guaranteed boot path" (can't recall the precise wording) -- something
MS was already actively campaigning against with its "boot from
network" requirement for the upcoming PC 95 or PC 97 hardware platform
specs, and something that no "typical PC" could ever meet. The C2 cert
for NT "fudged" this requirement by removing the floppy drive (and
perhaps by testing on a machine whose BIOS did not yet support "boot
from CD").
> ... Userid/password, some sort of user-settable file
> permissions, don't let the next user snarf blocks off the disk by allocating
> a big file, and keep an audit trail. *real* stringent. Even when NT came out, C2
> wasn't considered much security at all... Most of this stuff was already
> well understood when Multics was done in the mid-60s.
>
> Security labels? MAC? Those are B1.
>
> "A team of individuals who thoroughly understand the specific implementation
> of the TCB shall subject its design documentation, source code, and object code
> to thorough analysis and testing". That's not a requirement till B1 either.
> (Yeah.. ponder THAT one - you don't have to do a thorough test to get C2 ;)
>
> "Trusted Path" for login? That's in B2, as is covert channel analysis.
>
> You get the idea... ;)
No -- I _know_ the idea.
The point is that NT is usually sneered at by *nix bigots whose
favourite OSes are _just as lame_ by those same miserable criteria.
IIRC (and I really don't care, as it really doesn't matter), no
"mainstream" *nix matched NT's C2 certification for a year or more,
when, IIRC, some Solaris variant was gonged C2 too.
Anyway, the real point is that all the currently popular systems
implement some form of _discretionary_ controls, which (by definition)
have to actually be enabled before they can be of any use (regardless of
how much or how little use they can be) and as most current "system
admins" don't even have that concept in their computing world views,
it's kinda academic to debate whether the OSes these "admins" run
support DAC, MAC or whatever...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
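Two of the C2 items named in the quoted list above, discretionary access control and clearing of storage before reuse ("don't let the next user snarf blocks off the disk by allocating a big file"), can be shown side by side in a toy disk-block pool. This is an added example, not code from the thread or from any certified system; the block size, the user names "alice" and "bob", the "payroll" data and the `BlockPool`/`scavenge` names are all constructed for illustration.

```python
# Added example (not part of the original thread): a toy disk-block pool that
# models two of the C2 requirements named above, discretionary access control
# on allocated blocks and clearing of storage before it is reused.
# Everything here is constructed for illustration; the user names, block size
# and "payroll" data are assumptions, not anything from the original message.

BLOCK_SIZE = 16  # assumed block size for the toy pool


class BlockPool:
    """Fixed pool of disk blocks with a free list and per-block ownership."""

    def __init__(self, n_blocks, clear_on_reuse):
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))   # block numbers available to hand out
        self.owner = {}                     # block number -> owning user (the DAC state)
        self.clear_on_reuse = clear_on_reuse

    def allocate(self, user, count):
        """Hand `count` free blocks to `user`, oldest-freed first."""
        if count > len(self.free):
            raise MemoryError("pool exhausted")
        got = [self.free.pop(0) for _ in range(count)]
        for b in got:
            if self.clear_on_reuse:
                # The C2 object-reuse rule: no residue of the previous owner.
                self.blocks[b][:] = bytes(BLOCK_SIZE)
            self.owner[b] = user
        return got

    def _check(self, user, b):
        # Discretionary control: only the current owner may touch a block.
        if self.owner.get(b) != user:
            raise PermissionError(f"{user} does not own block {b}")

    def write(self, user, b, data):
        self._check(user, b)
        self.blocks[b][: len(data)] = data

    def read(self, user, b):
        self._check(user, b)
        return bytes(self.blocks[b])

    def release(self, user, b):
        """Give a block back; ownership ends, so DAC no longer protects it."""
        self._check(user, b)
        del self.owner[b]
        self.free.append(b)


def scavenge(clear_on_reuse):
    """Alice stores data and frees it; Bob allocates everything and looks for it.

    Returns the list of leaked block contents Bob could read (empty if none).
    """
    pool = BlockPool(n_blocks=4, clear_on_reuse=clear_on_reuse)
    alice_blocks = pool.allocate("alice", 2)
    pool.write("alice", alice_blocks[0], b"SECRET-PAYROLL")

    # While Alice owns the block, DAC stops Bob from reading it.
    try:
        pool.read("bob", alice_blocks[0])
        raise AssertionError("DAC check failed to fire")
    except PermissionError:
        pass

    for b in alice_blocks:
        pool.release("alice", b)

    # Bob "snarfs blocks off the disk by allocating a big file": every free block.
    bob_blocks = pool.allocate("bob", len(pool.free))
    leaked = []
    for b in bob_blocks:
        data = pool.read("bob", b).rstrip(b"\x00")
        if b"SECRET" in data:
            leaked.append(data)
    return leaked


if __name__ == "__main__":
    print("without clearing:", scavenge(clear_on_reuse=False))  # [b'SECRET-PAYROLL']
    print("with clearing:   ", scavenge(clear_on_reuse=True))   # []
```

The point the toy makes is that the two requirements are independent: the ownership check blocks Bob only while Alice still owns the block, and once she releases it DAC has nothing left to say, so only the clear-on-reuse step stops the residue from reaching the next allocator.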