On Thu, Jun 03, 1999 at 01:07:58PM +0000, Peter da Silva wrote:
| C2 is about the lowest TCSEC rating that's worth actually paying attention
| to. Apart from the auditing requirements, a plain vanilla Linux box could
| meet C2 if it were evaluated, and if you turn on enough NT audit logs to be
| worth anything you've just added another layer of instability to the system,
| because NT falls over when they fill up.
Incidentally, thats a C2 *requirement*, that a system halt when its
audit logs are full. Otherwise, you fill up the logs with junk,
attack, and theres no place to write that the system is being
attacked.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
