Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.sysv386
Subject: Re: SCO doesn't sell UNIX
Message-ID: <18809@rpp386.cactus.org>
Date: 12 Dec 90 18:25:55 GMT
References: <2755CECE.4502@tct.uucp> <2332@cdin-1.UUCP> <18797@rpp386.cactus.org> <1990Dec12.085044.19965@ico.isc.com>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 36
X-Clever-Slogan: Recycle or Die.
X-Political-Statement: Remember Northern Ireland

In article <1990Dec12.085044.19965@ico.isc.com> rcd@ico.isc.com (Dick Dunn) writes:
>hype.  I don't know of *any*thing in C2/B1, that's not in "traditional"
>UNIX, that commercial installations would want, let alone need.

Object auditing, for starters.  It lets you know who has access to
what data and when they have accessed it.  Mandatory Access Control
for isolating information by employee level (employee, supervisor,
manager, executive, etc.).  Access Control Lists for fine granualarity
access control to applications and data.  Subject auditing (programs)
for real time threat detection for commercial systems connected to
outside networks.

>off the wall.  How many managers have you got, and how many employees?  You
>want to make 10% of your people feel better at the expense of 90%?  A
>manager stupid enough to keep personnel files unencrypted on a machine
>accessible to employees should be fired without hesitation; bag the C2.

UNIX standard encryption routines are so weak as to be laughable.  The
mere existence of a network connection makes most machines accessible
to employees.  Get a copy of Crypt Breakers Workbench and see just how
secure that crypt command is.

>If you're going to talk about who "feels better" you ought to look at both
>sides.  If you want to know whether a cattle prod is a pain in the ass,
>you'd better ask the owner of the ass as well as the owner of the prod.

Well, it might be nice of SCO would have actually implemented a real C2
system instead of the thing SecureWare gave them.  Then you might get
to see that C2/B1 is not the incredible pain in the ass you would like
to believe it is.  There is no need for any of the problems people are
experiencing to occur on a C2 system.  If you check the Orange Book
you will find that many of the more troublesome features are B1 or
higher requirements.
-- 
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832                           Domain: jfh@rpp386.cactus.org