Don Kelloway wrote: > > Yes, I'm aware of that too... > > But we shouldn't forget that the same applies to the other os's either. If I if you�ve read my mail i am quite aware of that ... > remember correctly, XENIX which has an even higher TCSEC rating has been > certified to only run on a Intel 386... <grin> wowwwwwwww ... a 386, really ... bet on it, windows would not even run on it *eg* greetz from Vienna Hannes > > Best Regards, Donald Kelloway > http://www.commodon.com > > -----Original Message----- > From: Johann G. Hautzinger <[EMAIL PROTECTED]> > To: Don Kelloway <[EMAIL PROTECTED]> > Date: Friday, June 04, 1999 1:45 AM > Subject: Re: Why not NT? > > >Don Kelloway wrote: > >[...] > > > >> But IMO, I think people are either forgetting or overlooking the fact > that > >> the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure and that the > >> installation of a properly configured NT-based firewall on top of such a > >> system can provide an equally solid, stable, security solution as any > >> other... > >> > >> For those who aren't familiar with the acronyms mentioned above: > >> > >> "E3/F-C2" is widely acknowledged to be the highest ITSEC evaluation > rating > >> that can be achieved by a general-purpose operating system and "C2" is > >> widely acknowledged to be the highest TCSEC evaluation rating that can be > >> achieved by a general-purpose operating system. > >> > >> With regards to NT4's "E3/F-C2" compliance, here's a brief summary: > >> > >> On April 28th, 1999, the UK Government announced that Microsoft� Windows > NT� > >> Server and Workstation 4.0 had completed a successful evaluation under > the > >> ITSEC regime at the E3/F-C2 level. E3/F-C2 is widely acknowledged to be > the > >> highest ITSEC evaluation rating that can be achieved by a general-purpose > >> operating system. > >> > >> For the rest, see > http://www.microsoft.com/security/issues/e3fc2summary.asp > >[...] > > > >hi there, > > > >just wanted to mention one point, which - according to my opinion - is > >_very_ important when talking �bout c2 and others in that row: > > > >these security standards are given to _complete_ systems only (i.e. > >software _plus_ hardware), nt 3.51 made it on a compaq standalone (_no_ > >network), nt 4.x didn�t make it yet, as far as i know (_still_, i�d like > >to say - after being sold for quite a while now ...) ... if you do not > >have _exactely_ the same hardware there is _absolutely_ no way of making > >it c2 safe (as the standard "c2" is a combination of software _and_ > >hardware features), maybe one can reach the software part of c2 using it > >on different hardware, but i am quite sure that _any_ os _can_ be made > >c2 safe (nearly any - anyway ;-) > > > >ahhhh - yesssssss - there was one good laugh i had in an nt course i was > >attending one year ago ... there is sort of c2 security advisor (i think > >in the resource kit, as far as i remember), which helps to make your > >computer c2 safe - the first thing it said was: "please turn of network > >support" - good shot :-) > > > >c2 was quite a good marketing gag anyway - at least talking �bout > >windows ... > > > >greetz from Vienna > > > >Hannes > > > >-- > >Johann Georg Hautzinger http://treasury.erstebank.at > >Erste Bank AG - OE 560 - IT & Workflow Management > >Boersegasse 14 Tel.: 536 31 1907 > >1010 Wien email: [EMAIL PROTECTED] > > -- Johann Georg Hautzinger http://treasury.erstebank.at Erste Bank AG - OE 560 - IT & Workflow Management Boersegasse 14 Tel.: 536 31 1907 1010 Wien email: [EMAIL PROTECTED] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
