Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!execu!sequoia!rpp386!jfh From: jfh@rpp386.cactus.org (John F Haugh II) Newsgroups: comp.unix.sysv386 Subject: Re: SCO doesn't sell UNIX Message-ID: <18815@rpp386.cactus.org> Date: 13 Dec 90 02:20:30 GMT References: <18804@rpp386.cactus.org> <876@visenix.UUCP> Reply-To: jfh@rpp386.cactus.org (John F Haugh II) Organization: Lone Star Cafe and BBS Service Lines: 32 X-Clever-Slogan: Recycle or Die. In article <876@visenix.UUCP> beattie@visenix.UUCP (Brian Beattie) writes: >In article <18804@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes: >-Technically speaking, there is no such thing as a secure distributed > >Bzzzzzzzt I'm sorry but that is not correct. :-) > >-system. The Orange Book does not address network O/S's and once you >-connect your machine to another, all bets were off. > >It is The Red Book disscusses this issue. > >Although John is correct with respect to the Orange Book, in that if >you have an ethernet or a modem or a pad or the like your system is >outside the scope of the Orange Book. That is not to say that it is >insecure, just that it does not meet the requirements of a TCB (Trusted >Computing Base) as described in the Orange Book. As far as I know, the NCSC has =never= formally evaluated a system using the Red Book. For network stuff I use the Red Book as I guide, but I don't believe that it is the authoritative answer on network security. At least, not until someone has a system rated using the criteria in there. I don't even know that anyone has ever submitted a configuration for evaluation according to the Red Book. I am sure someone will correct me if I am wrong, but none of the final evaluation reports I've read or seen listed refer to network systems or the Red Book. I am not convinced that there will ever be a heterogenous secure distributed system and I'm not so sure homogenous is going to happen any time soon. -- John F. Haugh II UUCP: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 832-8832 Domain: jfh@rpp386.cactus.org