This discussion on C2 is based on certified vs. certifiable. When
Microsoft stated their OS was C2 Certified, what they really meant was it
was CERTIFIABLE to a DOD (Department of Defense) C2 level of security.
Obviously, they had no intentions of connecting this C2 certifiable OS to
a network--hence nulling out its certifiable ability. The OS was looked at
by the DOD and, based on its capabilities, was approved by DOD to be
certifiable. Basically, the DOD security levels (C2, B2, B1, etc.) are
phases of levels of tightened security on a computer system/network. To
actually BE CERTIFIED, you have to submit an architecture proposal to the
DOD for certification. Then once approved (certified), it's a nightmare to
make any type of modifications to your network architecture without long
drawn out requests. Generally, only Government operations go through this
painstaking procedure (Air Force, CIA, blah, blah). The public sector
does not??? You should look around for a copy of the "Orange Book". It
will answer a lot of your questions, as well as put you to sleep because
it's very, very dull reading.
Additionally, the NSA has a series of security levels pertaining to network
level security (red book). To date, I think Novell requested Red Book
certification (once again certifiable ability), but I do not know the
status. And again, this is a process for attaining these levels of
security, NOT BEING CERTIFIED.
Hope this helps.
David Markle
-----Original Message-----
From: Peter.Kunz [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, June 22, 1999 4:46 AM
To: firewalls
Cc: Peter.Kunz
Subject: C2 Security
Folks,
with all the C2 security discussion, does anyone know of an OS that is C2
certified WITH the network? Or would one have to go to B1 or B2 to get
that?
Oh, and anyone have a good comparison of TCSEC vs ITSEC? Thanks.
cu
-pete