Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!romp!auschs!awdprime!greenber.austin.ibm.com!jfh
From: jfh@greenber.austin.ibm.com (John F. Haugh II)
Newsgroups: comp.unix.sysv386
Subject: Re: security levels, V.4
Message-ID: <4470@awdprime.UUCP>
Date: 5 Dec 90 17:45:45 GMT
References: <2313@tabbs.UUCP> <1990Nov29.224243.2934@ico.isc.com> <1990Nov30.145545.29792@murdoch.acc.Virginia.EDU>
Sender: news@awdprime.UUCP
Distribution: na
Organization: Obfuscated Features "R" Us, AWD Austin
Lines: 41

In article <1990Nov30.145545.29792@murdoch.acc.Virginia.EDU> Ran Atkinson writes:
>
>In article <1990Nov29.224243.2934@ico.isc.com> rcd@ico.isc.com, Dick Dunn writes:
>>And no, B2 is not required for V.4. It's an option--I think MLS will take
>>you to the B2 level.

The evaluated B2 product (SV/MLS) was not based on SVR4. It was based
on SVR3.2.1 (or 3.2.2 or bzzt). I have a copy of the final evaluation
(nice sleep inducer) laying about someplace, but it is not a SVR4-based
product. If anyone cares, I'll post the specifics, but it is really
pretty unexciting.

>Dick is correct. The MLS (Multi-level Security) option for Unix System V
>is needed if you want a B2 system. Note that UNIX System V/MLS is actually
>certified by NCSC as being a B2 system. I don't think that SCO ever actually
>got their "C2" product certified by NCSC (who are the only folks who can
>certify Orange Book conformance).

The certification handed out by the NCSC people covers a very specific
hardware configuration and level of software. The reason that I doubt
SCO will ever have a C2 for their product is because they would have to
pick a hardware platform to have it rated on - and that is really the
responsibility of a hardware vendor. The rating which AT&T received
only applies to their hardware and that exact level of code (modulo
being involved in RAMP, which I am certain they are). Any other level
of software (read: bug fixes) or hardware model (read: performance
improvements, etc.) are not covered.

>If folks dislike C2, they will be much more unhappy with B2. I on the other
>hand prefer at least a B1 system because it is much safer from breakins
>and such. I'll not bore folks with the differences between C2 and B1 or B2;
>if you want to know more, go read the Orange Book.

Yes, I would like a B1 or B2 system for the house. MAC and least
privilege are very nice features to have. For BBS users, trusted path
is also nice. Keeps the little trojan horse weenies off your back.
--
John F. Haugh II        | This space intentionally | MaBellNet: (512) 838-4330
SneakerNet: 809/1C079   | left blank ...           | VNET: LCCB386 at AUSVMQ
BangNet: ...!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)