home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.security
- From: prl@iis.ethz.ch (Peter Lamb)
- Subject: Re: C2
- Message-ID: <prl.697733838@iis>
- Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
- References: <stevew.697681568@helios> <486@trwacs.UUCP>
- Date: 10 Feb 92 14:57:18 GMT
-
- epstein@trwacs.UUCP (Jeremy Epstein) writes:
-
- >In article <stevew.697681568@helios>, stevew@helios.unl.edu (Steve Wu) writes:
- >>
- >> I am runnung SunOS 4.1.2 and I am going to run C2 on it.
- >>
- >> Has anyone had any comment about Sun C2? I would like to know about it.
-
- >Just a warning: Sun's C2 system is *not* really C2. It does not meet
- >the TCSEC C2 requirements, has never been submitted for evaluation,
- >and from what I hear Sun has no intention of ever getting it evaluated.
-
- It's no hearsay.
-
- "Note that SunOS C2 security features differ slightly from what
- would be required for an NCSC-evaluated C2 system; it has not been,
- and will not be, submitted for NCSC evaluation."
-
- SunOS "System and Network Administration", Ch. 19, p613,
- "Administering C2 Security", Sec. 19.2 "What is C2
- Security?", Sun PN 800-3805-10, Revision A of 27 March, 1990.
- (Manual set distributed with SunOS4.1)
-
- >All of which means that it may offer some degree of security, but probably
- >less than an evaluated system. Calling it C2 is a misnomer, although
- >that's what Sun does.
-
- Indeed.
-
- The Sun manual even appears to contradict itself on this
- on the previous page:
-
- "The following are the seven NCSC security criteria:
- [...]
- C2 Auditing and Authentication. [...] (For example, SunOS
- Release 4.1 with the Security option installed)".
-
- ibid., p612.
-
- Peter Lamb (prl@iis.ethz.ch)
-
-
