Re: DOD 5200.28-STD capable OS?

From: phn@icke-reklam.ipsec.nu
Date: 03/12/03 

From: phn@icke-reklam.ipsec.nu
Date: Wed, 12 Mar 2003 20:16:03 +0000 (UTC)

In comp.security.misc Jim Nugent <nuge@execpc.com> wrote:
> On Mon, 17 Feb 2003 15:50:43 GMT, in <nx74a.140184$tq4.4415@sccrnsc01> "Tony"
> <tony@null.com> wrote:

>>If memory serves me right the C2 tool is in the windows resource kit.
>>
>>"Black_Ice" <root@localhost.localdomain> wrote in message
>>news:pan.2003.02.07.23.15.47.493141@localhost.localdomain...
>>> Here is something else to note. While I was in the military we used the
>>> C2 Certification standard. Different operating systems, Windows Based,
>>> Linux, and Unix are given a C2 configuration rating. This rating
>>> determined how secure an operating system was.
>>>
>>> One funny thing was, we used a C2 configuration tool to make Windows C2
>>> complient. But it turn out wondows (NT 4.0) was only C2 complient if it
>>> was off the network. So if you applied every C2 policy in the program, it
>>> would take the computer offline :-)

> This seems strange. I would think that a Windows NT 4 workstation would be more
> secure if it had to authenticate to a Domain Controller than if were
> stand-alone. Generally if the authentication data is on the box, anyone with
> physical access can breach the security. Or am I misunderstanding what C2
> Security means?

It's no real differnece, anyone may break into a windos box given physical
access.

> ----
> Jim 

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.