Re: comparison of security of different operating system architectures

• Previous message: Casey Schaufler: "Re: comparison of security of different operating system architectures"
• In reply to: Marco Heusler: "comparison of security of different operating system architectures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "xpyttl" <xpyttl_nospam@earthling.net>
Date: Mon, 31 Dec 2001 13:55:36 -0500

Casey's posting made me think of something.

There is an NSA publication called the "Orange Book" that talks through a
lot of the issues of identifying what makes an operating system secure, or
not. I don't know if it's still available, and I don't know if it's
available outside the U.S. When I wanted one, I called NSA (don't remember
where in NSA now, probably the publication office) asking for it as the
Orange Book. Not only did they know what I was talking about but they sent
it for free. They also sent a whole bunch of other colored books, and kept
updating them for several years. Some of the other books were pretty good,
others only a bureaucrat could love.

I'm not a government employee and AFAIK they made no attempt to verify who I
was, so I assume that there isn't any sort of control on those publications.
Could be worth a shot.

..

"Marco Heusler" <marco.heusler@web.de> wrote in message
news:59211021.0112210716.1f51d141@posting.google.com...
> hi,
>
> i have to write a little paper where i have to compare different operating
> systems (e.g. Windows (9x, 2000), Linux, ...) concerning their security.
> i think that there is a very broad spectrum of what could be compared.
> so to narrow it all a little bit down i am looking for advice on the
topics i
> should cover.
> would it be wrong to cover things like protocol stack security, user
management,
> access control lists or/and are there other important parts?
>
> any help on this is appreciated.
>
> thanks in advance,
>
> marco

• Previous message: Casey Schaufler: "Re: comparison of security of different operating system architectures"
• In reply to: Marco Heusler: "comparison of security of different operating system architectures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Wikipedia "Cryptography" reaches Featured Article status ... Just add that to the page on wacky NSA conspiracy theories. ... Meyer also said ... same Joseph A. Meyer had written an article for an IEEE publication ... topic of public cryptography never even came up.) ... (sci.crypt) Re: Wikipedia "Cryptography" reaches Featured Article status ... publication, as described in both the quote itself and in the NIST ... NSA has characterized DES as one of their biggest mistakes. ... So DES was a mistake because it was followed by research? ... of DES lead to an explosion of published public sector crypto research. ... (sci.crypt) Re: Wikipedia "Cryptography" reaches Featured Article status ... the explosion of academic research into crypto that followed the DES ... publication, as described in both the quote itself and in the NIST ... Or because the NSA was not able to predict the future very well? ... of DES lead to an explosion of published public sector crypto research. ... (sci.crypt) Re: NSA enhancing Linux security? ... Umm... ... I think this was mentioned in an IEEE ... publication some time in the last two years: the NSA is able to intercept ... (comp.os.linux.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint