windows nt and gov. C2 rating

[mjlan...@my-dejanews.com]

I have heard conflicting reports on C2 with NT 4.0 does anyone know the
final answer.

does NT 4.0 meet the Governments C2 rating for network security i was in a
network meeting and someone said yes it was.
however a couple of weeks ago i thought i read that it was not
thanks bye

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

[DSCMT]

Sure.

Fine print: Many people (who dont like windows) point out that its only C2
if its not networked and doesnt have a floppy drive.

In the NT 4 networking resource guide, pg 112 and so, it states that nt 3.5
sp 3 *base operating system* made c2 in july 95. It goes one to say that MS
is invloved in evaluating NT 4 to obtain the c2 in a homogeneous network.
Nothing about disk drives however.

You can take it as you like I guess.

As a benefit towards MS, this statement is a bit ols, and Id check the
knowledge base. Also, Nt3.5 even got B ratings on a few aspects of the OS.

Justin

mjlan...@my-dejanews.com wrote in message
<734aek$5s$1...@nnrp1.dejanews.com>...

[Carl Taylor]

No NT is C2 compliant in stand alone mode only. Once connected to a network
it looses it C2 compliance.

mjlan...@my-dejanews.com wrote in article

[Steven]

NT is a best a pile of polerized rust and, at worst a licensing
agreement. To the best of my knowledge there is C2 compliance
specification for either.

C2 compliance applies to a running machine. I have seen the details of
one instance of an NT machine was certified as C2 compliant. It could
not do this with a network card, and this is where all these stories have
come from.

It is unfortunate that most of the disinformation on this subject has
originated from Microsoft. They saw a marketing opportunity an jumped at
it. The overwhelming majority of the population being post-human Homo
Consumerus fell for it.

Steven
In article <01be1664$8f335800$493d0a0a@ausydpc100>,
ctaylo...@crownworldwide.com says...

[Carl Cox]

One needs to understand that the C2 rating only applies to a stand-alone
system. ANY computer that contains a Network Interface does not qualify for
a C2 Rating BY DEFINITION OF THE RATING.

BTW, to qualify for C2 the Posix and OS/2 Subsystems are disabled. Only
WIN32 applications are allowed in a C2 compliant NT Workstation.

There are separate Government Ratings for Networked Computers.

HTH,
--
Carl Cox
Systems Support Engineer
Applied Retail Solutions, Inc.
The opinions expressed are my own, not those of my employer.

Steven wrote in message ...

[Steven]

Ah yes, I remember that thing about POSIX as well. How do you supose
they deal with that under NT4 where there is no POSIX sub system?

Steven
In article <91188649...@wagasa.cts.com>, cc...@appliedretail.com
says...

[Steve van Dongen]

There is a POSIX subsystem. I'm not sure what can be done with it but I
do know that it can be replaced by others.

Regards,
Steve

[Carl Cox]

If you are interested in what changes occur when set for C-2 Compliance try
the C-2 Config utility in the Resource Kit. Be prepared to re-install to
get an out-of-the-box configuration back. The OS/2 and POSIX subsystems
will be removed and it is so tight an ordinary user can't do much at all.
Extremely tight security gets in the way of running apps with shared
components such as MS Office, and even restricts allowing an app under a
restricted account from reading it's registry values.

Points up the inherent conflict between tight security and usability, and
why the default installation is not a "secured environment"... Usability
over tight security for the average user.

--
Carl Cox
Systems Support Engineer
Applied Retail Solutions, Inc.
The opinions expressed are my own, not those of my employer.

Steve van Dongen wrote in message <365C682F...@uniserve.com>...

[Carl Taylor]

Well NT 4.0 does still have a little bit of POSIX support, it supports
POSIX standard network naming conventions.

Steven <ste...@primacomputer.com> wrote in article
<MPG.10c6279a8...@news.netvigator.com>...

[Robin Ludchak]

The only real way for any network system to be C2 compliant is if everything,
AND I DO MEAN EVERYTHING is locked down. That is one of the issues that is hard
to comprehend! I am not sure if C2 compliance is really that crucial of an
issue within business. Just a thought!

[Steven]

Interesting it was a bit more obvious under 35

Out of curiosity ... I would assume one could not simply call the
functions that psxss.exe calls to create such files. Presumably they
only run in a certain context? I didn't see anything right off the top
that indicated opening a device and manipulating the raw data. This
would indicate that it is calling NT functions that are entirely case
enabled. Does anyone know what these are?

Steven
In article <91204739...@wagasa.cts.com>, cc...@appliedretail.com
says...

> If you are interested in what changes occur when set for C-2 Compliance try
> the C-2 Config utility in the Resource Kit. Be prepared to re-install to
> get an out-of-the-box configuration back. The OS/2 and POSIX subsystems
> will be removed and it is so tight an ordinary user can't do much at all.
> Extremely tight security gets in the way of running apps with shared
> components such as MS Office, and even restricts allowing an app under a
> restricted account from reading it's registry values.
>
> Points up the inherent conflict between tight security and usability, and
> why the default installation is not a "secured environment"... Usability
> over tight security for the average user.
>

> --
> Carl Cox
> Systems Support Engineer
> Applied Retail Solutions, Inc.
> The opinions expressed are my own, not those of my employer.
>

> Steve van Dongen wrote in message <365C682F...@uniserve.com>...
> >There is a POSIX subsystem. I'm not sure what can be done with it but I
> >do know that it can be replaced by others.
> >
> >Regards,
> >Steve
> >
> >Steven wrote:
> >>