Re: After Y2K, critical infrastructure

At 08:49 PM 12/23/99 -0500, Deepak Jain wrote:
Sorry to ruin your sleep. NT is ONLY C2 certified as a standalone workstation. I.e. NO NETWORKING DRIVERS ENABLED
Good grief Charlie Brown, it was a joke. C2 certification means about as much as Y2K certification. There are so many qualifications they are meaningless in any real world situation. It's another checkmark you have to make on the paperwork before winning the bid. I know my laptop is ready because it came with a Y2K-ready sticker on it. After I brought it home, I only needed to download a half-dozen different patches for Y2K, security, and just plain bugs. The issue of being C2 certified only as a standalone workstation is hardly unique to Microsoft NT. As far as I know, ALL the C2 certified operating systems Unix, VMS, VM, etc are only in standalone mode. Others, such as Linux, aren't certified even in standalone mode (well, maybe in the unplugged, encased in concrete, and dropped to the bottom of the ocean mode). If that wasn't a troll, I don't know what is.

On 23 Dec 1999, Sean Donelan wrote:
At 08:49 PM 12/23/99 -0500, Deepak Jain wrote:
Sorry to ruin your sleep. NT is ONLY C2 certified as a standalone workstation. I.e. NO NETWORKING DRIVERS ENABLED
Good grief Charlie Brown, it was a joke.
C2 certification means about as much as Y2K certification. There are so many qualifications they are meaningless in any real world situation. It's another checkmark you have to make on the paperwork before winning the bid. Indeedity.
The issue of being C2 certified only as a standalone workstation is hardly unique to Microsoft NT. As far as I know, ALL the C2 certified operating systems Unix, VMS, VM, etc are only in standalone mode. Others, such as Linux, aren't certified even in standalone mode (well, maybe in the unplugged, encased in concrete, and dropped to the bottom of the ocean mode).
The US standard for evaluating trusted systems, TCSEC, (Orange Book) indeed does not specify anything about network. UK standard, ITSEC, Red Book, does. I think they are trying to merge these two into a new "consolidated evaluation criteria" or somesuch. In addition, systems can be evaluated under TNI (Trusted Network Interpretation) of TCSEC, but I think nobody bothered to do it, because ITSEC is better at specifying security...(Or maybe its easier for vendor to get ITSEC certification than TNI?) -- Alex Pilosov | http://www.acecape.com/dsl Acecape, Inc. | AceDSL:The best ADSL in Bell Atlantic area 325 W 38 St. Suite 1005 | (Stealth Marketing Works! :) New York, NY 10018 |
participants (2)
-
Alex Pilosov
-
Sean Donelan